Fake Antivirus Pop-Ups, Browser Redirected



ru4real
2011-01-16, 03:07
When searching in Google, I get redirected to sites I don't want to go to and keep getting pop-ups telling me I have a virus. Here are my logs......



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Johnson at 19:55:31.99 on Sat 01/15/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4354 [GMT -6:00]

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\qZone Games Player\GPlayer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Johnson\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Users\Johnson\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Exetender] "C:\Program Files (x86)\qZone Games Player\GPlayer.exe" /runonstartup
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
dRun: [Exetender] "C:\Program Files (x86)\qZone Games Player\GPlayer.exe" /runonstartup
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
IFEO: image file execution options - svchost.exe
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.pogo.iplay.com/?o=shp
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - C:\ProgramData\iWin Games\firefox
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: Favicon Picker 3: {446c03e0-2c35-11db-a98b-0800200c9a67} - %profile%\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Zoom Page: zoompage@DW-dev - %profile%\extensions\zoompage@DW-dev
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 X5XSEx_Pr179;X5XSEx_Pr179;C:\Program Files (x86)\qZone Games Player\X5XSEx.sys [2011-1-8 55328]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-8-27 287960]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-27 138752]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\system32\svchost.exe -k HPHNDUService [2009-7-13 27136]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-20 135664]
S4 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-9-27 176408]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-27 240160]

=============== Created Last 30 ================

2011-01-14 08:19:05 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Malwarebytes
2011-01-14 08:18:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-14 08:18:57 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-14 08:18:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-14 08:18:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-13 07:10:17 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-01-13 07:10:17 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-01-13 07:10:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-01-13 07:10:17 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-01-13 07:10:17 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-01-13 07:10:12 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-01-13 07:10:11 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-01-10 07:17:40 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Bitstream
2011-01-08 10:35:34 -------- d-----w- C:\PROGRA~3\qZone Games Player
2011-01-08 10:35:27 -------- d-----w- C:\Remote Programs
2011-01-08 10:35:27 -------- d-----w- C:\Program Files (x86)\qZone Games (Purchase)
2011-01-08 10:35:23 -------- d-----w- C:\Program Files (x86)\qZone Games Player
2011-01-08 01:04:01 109240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-01-08 01:03:57 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-01-08 01:02:57 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-01-07 21:56:57 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-01-07 21:34:54 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-01-07 10:27:05 -------- d-sh--w- C:\PROGRA~3\PIDFITS
2011-01-07 10:26:23 -------- d-sh--w- C:\PROGRA~3\da3680
2011-01-05 00:36:37 -------- d-----w- C:\PROGRA~3\Corel
2011-01-05 00:26:40 -------- d-----w- C:\Windows\pss
2011-01-04 08:31:42 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-01-04 07:47:34 -------- d-----w- C:\Program Files\Web Publish
2011-01-04 07:19:33 -------- d-----w- C:\Program Files (x86)\Corel
2010-12-28 02:03:25 -------- d-----w- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
2010-12-28 02:02:56 -------- d-----w- C:\PROGRA~3\Virtualized Applications
2010-12-26 06:49:50 -------- d-----w- C:\Downloads
2010-12-26 06:49:39 -------- d-----w- C:\Users\Johnson\AppData\Roaming\BitComet
2010-12-26 06:49:38 -------- d-----w- C:\Program Files (x86)\BitComet
2010-12-26 06:46:41 -------- d-----w- C:\Users\Johnson\AppData\Roaming\BitTorrent
2010-12-24 09:07:11 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Pogo Games
2010-12-24 02:20:41 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Arkadium
2010-12-24 02:18:17 -------- d-----w- C:\Program Files (x86)\GamesBar
2010-12-24 02:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2010-12-20 06:52:29 -------- d-----w- C:\PROGRA~3\magicJack
2010-12-19 10:48:23 -------- d-----w- C:\Program Files\iTunes
2010-12-19 10:48:23 -------- d-----w- C:\Program Files\iPod
2010-12-19 10:28:46 -------- d-----w- C:\Program Files\Bonjour
2010-12-19 10:04:36 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2010-12-18 17:55:29 -------- d-----w- C:\Program Files (x86)\PopCap Games
2010-12-18 17:55:29 -------- d-----w- C:\PROGRA~3\PopCap Games
2010-12-17 09:50:57 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-12-17 09:49:05 -------- d-----w- C:\PROGRA~3\ALM
2010-12-17 09:36:49 -------- d-----w- C:\set up ill

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

============= FINISH: 19:57:59.88 ===============

ken545
2011-01-18, 00:00


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

ru4real
2011-01-18, 02:48
Here are the logs you requested --


OTL logfile created on: 1/17/2011 7:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 34.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 803.16 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/16 21:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/12/26 00:49:40 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 93.174.89.10 google.be
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 93.174.89.10 google.com.br
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2010/12/20 00:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/12/19 04:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/19 04:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/19 04:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/19 04:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/19 04:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/19 04:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/19 04:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/12/19 04:04:36 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/17 18:42:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 18:09:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 18:09:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 12:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/15 19:59:51 | 000,003,942 | ---- | M] () -- C:\Users\Johnson\Desktop\Attach (2).zip
[2011/01/15 19:59:26 | 000,003,942 | ---- | M] () -- C:\Users\Johnson\Desktop\Attach.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/15 07:33:31 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:09:14 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 05:34:28 | 000,002,795 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/26 00:49:40 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/22 15:35:34 | 014,297,472 | ---- | M] () -- C:\Users\Johnson\Documents\c01102249.pdf
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/19 04:48:47 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/19 04:04:36 | 000,001,275 | ---- | M] () -- C:\Users\Johnson\Desktop\Revo Uninstaller.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 19:59:51 | 000,003,942 | ---- | C] () -- C:\Users\Johnson\Desktop\Attach (2).zip
[2011/01/15 19:59:26 | 000,003,942 | ---- | C] () -- C:\Users\Johnson\Desktop\Attach.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:09:14 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/26 00:49:40 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/22 15:34:07 | 014,297,472 | ---- | C] () -- C:\Users\Johnson\Documents\c01102249.pdf
[2010/12/21 18:29:11 | 000,164,741 | ---- | C] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/19 04:48:46 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/19 04:04:36 | 000,001,275 | ---- | C] () -- C:\Users\Johnson\Desktop\Revo Uninstaller.lnk
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2010/11/27 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/12/23 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2011/01/14 02:42:07 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2011/01/10 01:17:40 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2010/12/26 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/11/29 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Boomzap
[2010/05/31 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\FinalMediaPlayer
[2010/11/27 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\MumboJumbo
[2010/12/11 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\NCH Swift Sound
[2010/12/23 20:18:21 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Oberon Media
[2010/08/23 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Packard Bell
[2010/12/02 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\PandoraRecovery
[2010/12/24 03:07:11 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2011/01/15 07:12:02 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\SoftGrid Client
[2010/12/04 03:06:22 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Template
[2010/05/24 11:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Tific
[2010/11/12 23:51:49 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\TP
[2010/12/13 02:03:58 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\WildTangent
[2010/12/27 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2010/04/21 23:04:14 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
[2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(43).TXT
[2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(45).TXT
[2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(47).TXT
[2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(49).TXT
[2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(50).TXT
[2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(55).TXT
[2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(57).TXT
[2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >

ru4real
2011-01-18, 02:48
OTL Extras logfile created on: 1/17/2011 7:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 34.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 803.16 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}" = The Print Shop 23
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{860D8515-58EE-4404-9C22-56B4EC1199A1}" = hp_pbk_knb_babygirl_playful01
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}" = EasyInfo
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A914B055-D334-43D3-A8B7-E7519E10ACDE}" = qZone Games Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B314244C-753A-413B-B0F1-30972D6B58A0}" = HyperLoad - Mah Jongg
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice's Magical Mahjong" = Alice's Magical Mahjong (remove only)
"Bejeweled 2" = Bejeweled 2 (remove only)
"BitComet" = BitComet 1.25
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ExpressBurn" = Express Burn Disc Burning Software
"FinalMediaPlayer_is1" = Final Media Player 2010
"GamesBar" = GamesBar 2.0.1.73
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest Mysteries 2 Trail of the Midnight Heart" = Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Prism" = Prism Video Converter
"Revo Uninstaller" = Revo Uninstaller 1.90
"Rhapsody" = Rhapsody
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wordscape Online Party" = Wordscape Online Party (remove only)
"WT079623" = Zuma's Revenge
"WTA-00fad799-fe5e-44c6-94aa-468b3dec61ff" = Fishdom: Seasons Under the Sea
"WTA-034f4c36-09af-4489-be9d-f3a340505817" = Deer Drive
"WTA-0b176bba-62ec-4c98-89a7-16d71544dedb" = Polar Golfer Pineapple Cup
"WTA-16e8f3b8-90fd-408a-b350-69d7e2ce2ac8" = Bejeweled Twist
"WTA-1fb4af23-eb6e-4ae8-84a4-fc179861ed14" = Hoyle Enchanted Puzzles
"WTA-202049bf-d539-4da5-98d1-99746df50170" = 4 Elements
"WTA-393a93b8-5bc1-4bba-9924-a5f6b9a29af3" = A Gypsy's Tale: Tower of Secrets
"WTA-45e2a7c2-19a5-4fe1-9678-44bc7d4cfdb7" = World Mosaics 2
"WTA-4b186740-4ef2-4f43-ba55-ffde0a85dd5e" = Fishdom - Spooky Splash
"WTA-5ac90212-336e-44c2-8b0d-a6d916e74d4f" = LUXOR 5th Passage
"WTA-5fafbe07-d370-44b8-b885-39b08e85ffee" = Hunting Unlimited 2010
"WTA-79853c38-1b7a-40ab-a46c-84af6146dd80" = Hazen (R)
"WTA-9d24b586-7d2c-4747-a71d-500558737621" = Exorcist
"WTA-ae928fe4-3af6-49ba-8845-673228462388" = Dark Parables - Curse of Briar Rose
"WTA-bb1a6b26-365e-49a7-9e8e-ed3f6f17966f" = Chuzzle Deluxe
"WTA-cca5907f-c533-41e2-b0d6-da5ade39017f" = Hunting Unlimited 2008
"WTA-f396a328-3f2f-486e-a574-509ce58273ff" = Escape Whisper Valley (TM)
"WTA-f5ec34cc-2bb4-4887-b343-aaf6885af2de" = Hunting Unlimited 2011

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Liong The Lost Amulets" = Liong The Lost Amulets

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2010 3:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
Description =

Error - 10/11/2010 4:23:41 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is . The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

Error - 10/11/2010 4:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
Description =

Error - 10/11/2010 4:54:36 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is . The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

Error - 10/11/2010 5:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
Description =

Error - 10/11/2010 6:17:57 AM | Computer Name = Johnson-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/11/2010 6:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
Description =

Error - 10/11/2010 6:32:38 PM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is . The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

Error - 10/11/2010 6:37:05 PM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
Description =

Error - 10/11/2010 7:37:08 PM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is . The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

[ Media Center Events ]
Error - 5/19/2010 6:48:06 AM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 5:48:05 AM - Error connecting to the internet. 5:48:05 AM - Unable
to contact server..

Error - 5/19/2010 3:06:39 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 2:06:39 PM - Error connecting to the internet. 2:06:39 PM - Unable
to contact server..

Error - 5/19/2010 3:06:48 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 2:06:44 PM - Error connecting to the internet. 2:06:44 PM - Unable
to contact server..

Error - 11/10/2010 3:45:57 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 1:45:56 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 12/9/2010 3:12:30 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 1:12:20 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 1/6/2011 3:44:19 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 1:44:18 PM - Error connecting to the internet. 1:44:18 PM - Unable
to contact server..

Error - 1/6/2011 4:44:29 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 2:44:28 PM - Error connecting to the internet. 2:44:28 PM - Unable
to contact server..

Error - 1/6/2011 5:44:41 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 3:44:41 PM - Error connecting to the internet. 3:44:41 PM - Unable
to contact server..

Error - 1/6/2011 6:46:42 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 4:46:41 PM - Error connecting to the internet. 4:46:41 PM - Unable
to contact server..

Error - 1/14/2011 5:39:11 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
Description = 3:39:11 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 1/14/2011 4:50:02 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
Description = The HP Home Network Diagnostic Support Service service terminated
with the following error: %%126

Error - 1/14/2011 5:33:53 PM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 1/14/2011 5:35:54 PM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
Description = The HP Home Network Diagnostic Support Service service terminated
with the following error: %%126

Error - 1/15/2011 9:16:30 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 1/15/2011 9:18:31 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
Description = The HP Home Network Diagnostic Support Service service terminated
with the following error: %%126

Error - 1/15/2011 9:25:36 AM | Computer Name = Johnson-PC | Source = DCOM | ID = 10010
Description =

Error - 1/15/2011 9:25:41 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Security Update for Windows 7 for x64-based Systems (KB2419640).

Error - 1/15/2011 9:29:54 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 1/15/2011 9:34:02 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 1/15/2011 9:36:04 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
Description = The HP Home Network Diagnostic Support Service service terminated
with the following error: %%126


< End of report >

ken545
2011-01-18, 10:37
Good Morning,

BitComet
BitTorrent
Using File Sharing programs like this is very dangerous, you're downloading that file from an unknown source and a lot of those files are infected, it's most likely how you infected your computer. I am going to ask you to uninstall them via Programs and Features in the Control Panel because basically if you do not you will become infected again and again and you will be wasting my time and the time of other helpers that may respond to your post.




Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may look greyed out).

In the window under Custom Scans/Fixes copy and paste the following

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

ru4real
2011-01-19, 00:59
Hello....

This scan ran very quickly. I no sooner clicked the run scan button and the log immediately popped up. Anyway, this is what it showed:

OTL logfile created on: 1/18/2011 5:55:04 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 32.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 803.17 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< :Commands >

< [purity] >

< [emptytemp] >

< [RESETHOSTS] >

< [start explorer] >

< [Reboot] >

< End of report >

ken545
2011-01-19, 01:37
Go ahead and run a new scan with OTL and post the log please

ru4real
2011-01-19, 03:57
I am sorry but did you want me to run the custom scan again or the first scan I did? Thanks so much!!

ken545
2011-01-19, 10:25
My bad, we need to run the fix again, do it this way and click on RUN FIX, not RUN SCAN


Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services
:Commands
[resethosts]
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

ru4real
2011-01-19, 21:46
Here are my logs...

All processes killed
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[purity]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[createrestorepoint]> in the current context!

OTL by OldTimer - Version 3.2.20.2 log created on 01192011_143512

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


And the second log.....

OTL logfile created on: 1/19/2011 2:39:26 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 802.52 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/18 18:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 93.174.89.10 google.be
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 93.174.89.10 google.com.br
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 14:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 14:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/19 14:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/19 14:36:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/19 14:36:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/19 14:36:00 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:09:14 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 05:34:28 | 000,002,795 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/22 15:35:34 | 014,297,472 | ---- | M] () -- C:\Users\Johnson\Documents\c01102249.pdf
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:09:14 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/22 15:34:07 | 014,297,472 | ---- | C] () -- C:\Users\Johnson\Documents\c01102249.pdf
[2010/12/21 18:29:11 | 000,164,741 | ---- | C] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >

ken545
2011-01-19, 22:05
It didn't take, this way will


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_01)


:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

ru4real
2011-01-20, 01:34
I ran the fix in OTL and after about a minute a window popped up saying "cannot create file c:/windows/system32/drivers/etc/Hosts". I clicked OK and nothing happened. At the bottom of OTL, under the green progress bar, it says "resetting HOSTS file. do not interrupt....." but nothing is happening. It has been that way for about 10 min.

ken545
2011-01-20, 02:17
Your hosts file is infected. Has OTL fixed it yet?
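Added example (not part of the original thread, and not code from OTL or its author): a Python script that parses the `O1` hosts lines of an OTL log like the one posted above and reports which names are pointed at non-loopback addresses. The watch-list of labels, the verdict names and the function names are assumptions made for this illustration; the sample input is copied from the log in this thread, plus one constructed localhost line.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: O1 lines copied from the OTL log in this thread, plus one
# constructed "localhost" line to show what a benign entry looks like.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 37 more lines...
"""

# Assumption: domain labels whose redirection is reported as "hijack".
WATCHED_LABELS = {"google", "microsoft"}

HEADER_RE = re.compile(
    r"^O1 HOSTS File: \(\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| M\]\) - (?P<path>.+)$")
ENTRY_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
TRUNC_RE = re.compile(r"^O1 - Hosts: (?P<n>\d+) more lines\.\.\.$")


def classify(ip_text, host):
    """Return 'benign', 'redirect' or 'hijack' for one hosts entry."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on junk input
    if ip.is_loopback or ip.is_unspecified:
        return "benign"  # localhost mapping or a sinkholed/blocked name
    if WATCHED_LABELS & set(host.lower().split(".")):
        return "hijack"  # a watched name is pointed at a routable address
    return "redirect"


def analyze(log_text):
    """Parse the O1 section of an OTL log and collect non-benign entries."""
    report = {"path": None, "attrs": set(), "size": None,
              "hidden_lines": 0, "findings": [], "by_ip": defaultdict(list)}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            report["path"] = m["path"]
            # Attribute column as printed by OTL, e.g. "RHS-" or "---D".
            report["attrs"] = set(m["attrs"]) - {"-"}
            report["size"] = int(m["size"].replace(",", ""))
            continue
        m = TRUNC_RE.match(line)
        if m:
            # OTL truncates long hosts files; these entries were never shown.
            report["hidden_lines"] = int(m["n"])
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        try:
            verdict = classify(m["ip"], m["host"])
        except ValueError:
            continue  # first token is not an IP address
        if verdict != "benign":
            report["findings"].append((verdict, m["ip"], m["host"]))
            report["by_ip"][m["ip"]].append(m["host"])
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("file:", result["path"], "attrs:", sorted(result["attrs"]))
    for ip, hosts in result["by_ip"].items():
        print(f"{ip}: {len(hosts)} name(s) -> {', '.join(hosts)}")
    print("entries not shown by OTL:", result["hidden_lines"])
```

Because OTL truncates long hosts files ("37 more lines..."), the report covers only the entries printed in the log; the file itself has to be read for the full list.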

ru4real
2011-01-20, 03:08
No, it doesn't look like it. OTL still says file is being fixed, but nothing has happened for at least an hour.

ken545
2011-01-20, 09:53
If OTL is still running, then press Ctrl+Alt+Del, go to Task Manager, look for OTL and End Task


Then try this program to reset the hosts file

Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).

Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper left corner.
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

ken545
2011-01-21, 02:36
How are you coming along?

ru4real
2011-01-21, 04:55
I downloaded the new file and tried to run it but got an error message which said "error: cannot create file c:/windows/system32/drivers/etc/hosts". I clicked the OK button and the program completely closed down.

ken545
2011-01-21, 11:46
OK, let's do this: make sure you still have HostsXpert on your desktop.


Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double-click the OTM icon on your desktop.
Paste the following code into the paste area.
Do not include the word "Code".



:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\drivers\etc\hosts


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Push the large MoveIt! button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Now run HostsXpert


Restore Microsoft's Hosts file <-- You will get a message stating that there is no hosts file available; do you want to create one? SAY YES

ru4real
2011-01-21, 22:12
Yeah!!! Looks like it worked. Here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. c:\windows\system32\drivers\etc\hosts scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.Johnson-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janice Child
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5760252 bytes
->Java cache emptied: 14639772 bytes
->FireFox cache emptied: 137121685 bytes
->Flash cache emptied: 1746 bytes

User: Public

User: Riley

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146012 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2119 bytes

Total Files Cleaned = 150.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01212011_150653

Files moved on Reboot...
File move failed. c:\windows\system32\drivers\etc\hosts scheduled to be moved on reboot.
File C:\Windows\temp\klsE127.tmp not found!

Registry entries deleted on Reboot...

ru4real
2011-01-21, 22:19
When I ran HostsXpert I got the same error as I did before.... "error: cannot create file c:/windows/system32/drivers/etc/hosts".

ken545
2011-01-21, 22:53
Did you reboot your system?

ru4real
2011-01-22, 00:21
No, I don't think so.....

ru4real
2011-01-22, 00:28
I should not have answered so quickly. OTM asked for a reboot and I rebooted.... but that was the only time.

ken545
2011-01-22, 01:05
Go ahead and run a new scan with OTL and post the log, please.

ru4real
2011-01-22, 04:25
Here is the new log.....


OTL logfile created on: 1/21/2011 9:16:10 PM - Run 5
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 35.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 802.47 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/21 18:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 93.174.89.10 google.be
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 93.174.89.10 google.com.br
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 15:06:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/21 15:05:07 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Desktop\HostsXpert
[2011/01/20 21:44:09 | 000,000,000 | ---D | C] -- C:\HOST
[2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 20:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 17:31:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 17:31:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 17:24:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/21 17:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/21 17:23:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/21 15:05:07 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:31 | 019,973,448 | ---- | M] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:38 | 000,353,485 | ---- | M] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/19 23:29:22 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 05:34:28 | 000,002,795 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 21:46:25 | 019,973,448 | ---- | C] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:36 | 000,353,485 | ---- | C] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >

ken545
2011-01-22, 12:47
Hi, your hosts file is still infected. What we're going to remove may be just the tip of the iceberg; something on your system is preventing it from being reset, so try this. It's important that I see the log it produces, so before you reboot, post the log please.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:processes
killallprocesses

:OTL
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 93.174.89.10 google.be
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 93.174.89.10 google.com.br
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 93.174.89.10 www.google.ca


:Services

:Reg

:Files



:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
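
The hosts entries in the fix script above show two patterns worth checking for in any hosts file: well-known names pinned to a fixed address, and one address shared by many hostnames. The Python below is an added example, not part of the original thread or of OTL; the watchlist, the function names and the threshold of three names per address are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical watchlist: labels of names that normally resolve through DNS and
# have no reason to be pinned in a hosts file. Extend it for your environment.
WATCHED_LABELS = {"google", "microsoft"}

# Subset of the "O1 - Hosts:" lines from the fix script in this thread, plus
# one constructed benign localhost line for contrast.
SAMPLE = """\
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.be
127.0.0.1 localhost
"""

OTL_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_entries(text):
    """Return (ip, hostname) pairs from OTL O1 lines or raw hosts-file lines."""
    entries = []
    for raw in text.splitlines():
        line = OTL_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()    # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank, comment or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # a hosts line may list aliases
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def is_watched(hostname):
    """True when any DNS label of the hostname is on the watchlist."""
    return any(label in WATCHED_LABELS for label in hostname.split("."))


def audit(entries, shared_threshold=3):
    """Flag watched names found in the hosts data and addresses shared by many names.

    Returns (pinned, shared):
      pinned - list of (hostname, ip, "redirected" | "blocked")
      shared - dict of ip -> sorted hostnames, for non-sinkhole addresses
               that carry at least shared_threshold distinct names
    """
    pinned = []
    by_ip = defaultdict(set)
    for ip, name in entries:
        # Loopback and 0.0.0.0 entries block a name rather than redirect it.
        sinkhole = ip.is_loopback or ip.is_unspecified
        if is_watched(name):
            pinned.append((name, str(ip), "blocked" if sinkhole else "redirected"))
        if not sinkhole:
            by_ip[str(ip)].add(name)
    shared = {ip: sorted(names) for ip, names in by_ip.items()
              if len(names) >= shared_threshold}
    return pinned, shared


if __name__ == "__main__":
    pinned, shared = audit(parse_entries(SAMPLE))
    for name, ip, kind in pinned:
        print(f"{kind:10} {name} -> {ip}")
    for ip, names in shared.items():
        print(f"{ip} carries {len(names)} names: {', '.join(names)}")
```

The same functions accept the contents of C:\Windows\System32\drivers\etc\hosts directly, since lines without the "O1 - Hosts:" prefix are parsed as ordinary hosts-file lines.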

ru4real
2011-01-22, 18:34
Again I got the error message cannot create host file. The fix ran about 2 seconds before the message popped up. I don't know if this will help you but at the bottom of OTL, below the progress bar, it says
"Processing 01-Hosts:74.125.45.100 4-open-davinci.com..."

ken545
2011-01-22, 18:59
Let's try running the fix in Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

ru4real
2011-01-22, 21:24
The fix ran in safemode. Here is the log....

All processes killed
========== PROCESSES ==========
========== OTL ==========
74.125.45.100 4-open-davinci.com removed from HOSTS file successfully
74.125.45.100 securitysoftwarepayments.com removed from HOSTS file successfully
74.125.45.100 privatesecuredpayments.com removed from HOSTS file successfully
74.125.45.100 getantivirusplusnow.com removed from HOSTS file successfully
74.125.45.100 secure-plus-payments.com removed from HOSTS file successfully
74.125.45.100 www.getavplusnow.com removed from HOSTS file successfully
74.125.45.100 safebrowsing-cache.google.com removed from HOSTS file successfully
74.125.45.100 urs.microsoft.com removed from HOSTS file successfully
74.125.45.100 www.securesoftwarebill.com removed from HOSTS file successfully
74.125.45.100 secure.paysecuresystem.com removed from HOSTS file successfully
74.125.45.100 paysoftbillsolution.com removed from HOSTS file successfully
74.125.45.100 protected.maxisoftwaremart.com removed from HOSTS file successfully
93.174.89.10 www.google.com removed from HOSTS file successfully
93.174.89.10 google.com removed from HOSTS file successfully
93.174.89.10 google.be removed from HOSTS file successfully
93.174.89.10 google.ca removed from HOSTS file successfully
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.Johnson-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janice Child
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 397561 bytes
->Java cache emptied: 5616700 bytes
->FireFox cache emptied: 41103454 bytes
->Flash cache emptied: 3335 bytes

User: Public

User: Riley

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.2 log created on 01222011_140324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Here is the log when I ran OTL again......

OTL logfile created on: 1/22/2011 2:16:32 PM - Run 6
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 802.60 Gb Free Space | 87.58% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/21 18:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/22 14:03:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 15:06:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/21 15:05:07 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Desktop\HostsXpert
[2011/01/20 21:44:09 | 000,000,000 | ---D | C] -- C:\HOST
[2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/22 14:14:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 14:14:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 14:07:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/22 14:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/22 14:06:52 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 14:03:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/22 13:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 15:05:07 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:31 | 019,973,448 | ---- | M] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:38 | 000,353,485 | ---- | M] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/19 23:29:22 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 21:46:25 | 019,973,448 | ---- | C] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:36 | 000,353,485 | ---- | C] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >

ken545
2011-01-22, 22:41
:bigthumb:

I suspect the Kaspersky Internet Security was blocking that program from running. Your hosts file was infected and the older infected copies were removed and it was reset back to Microsoft defaults. Do you understand what the hosts file does?


BitComet
BitTorrent
If you continue to use programs like these I can guarantee 100% that you will become reinfected. It may be how you got infected in the first place. You're downloading that file from an unknown source, malware writers are in tune to this and using File Sharing as one of the latest ways to infect your system. Doing what I do and knowing what I know I would never allow any form of P2P programs on any of my systems. You can remove them via Programs and Features in the Control Panel.



Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic and let me know how your system is running now.
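
Added example (not part of ken545's post and not output from any tool used in this thread): the O1 lines of the OTL log above show the reset hosts file holding only the two `localhost` entries, so an audit can flag every other mapping. The Python below classifies hosts-file entries; the category names, function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Hosts file as it appears after the reset in this thread (O1 lines of the OTL log).
SAMPLE_CLEAN = "127.0.0.1 localhost\n::1 localhost\n"

# Constructed sample, not taken from the thread: reserved documentation
# address (203.0.113.0/24) and .example names only.
SAMPLE_TAMPERED = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.10    search.example www.search.example
127.0.0.1       update.av-vendor.example
0.0.0.0         telemetry.example
not-an-ip       bad.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    text = text.lstrip("\ufeff")  # some editors save the file with a BOM
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no name
        ip, names = fields[0], fields[1:]
        for name in names:  # one line may map several names
            yield line_no, ip, name.lower()


def classify(ip, name):
    """Return 'default', 'blocked', 'redirect' or 'malformed' for one mapping."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback and name == "localhost":
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        # Name is made unreachable. Ad-block lists do this legitimately, but
        # the same trick can cut a machine off from update servers: review.
        return "blocked"
    # Name is pinned to some other address, bypassing DNS for that host.
    return "redirect"


def audit_hosts(text):
    """Return [(line_no, kind, ip, hostname)] for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip, name)
        if kind != "default":
            findings.append((line_no, kind, ip, name))
    return findings


if __name__ == "__main__":
    # Usage: python audit_hosts.py C:\Windows\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_TAMPERED
    for line_no, kind, ip, name in audit_hosts(content):
        print(f"line {line_no}: {kind:9} {ip} -> {name}")
```

An empty result means the file holds nothing beyond the loopback `localhost` defaults; any `redirect` entry deserves the closest look when the symptom is a browser landing on the wrong site.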

ru4real
2011-01-23, 06:05
My computer is running so much better. Thanks! Here is the log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=317140a51722d543955950d3df7d444a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-23 01:37:59
# local_time=2011-01-22 07:37:59 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 376628 376628 0 0
# compatibility_mode=5893 16776574 100 94 23074631 47286655 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=246171
# found=0
# cleaned=0
# scan_time=3475

ken545
2011-01-23, 12:47
:bigthumb:

You need to update your Java; it will make your system more secure.

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

ru4real
2011-01-24, 05:40
Thank you so much for all your help. You guys are all wonderful!!!

ken545
2011-01-24, 10:04
You're very welcome

Take care,
Ken :)

ken545
2011-01-31, 10:28
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.