Browser hijacked - now with DDS log



Cuda1337
2011-11-26, 03:09
Sorry for the previous thread and the wrong log type posted. Here is a DDS log.

Previous thread: http://forums.spybot.info/showthread.php?t=64487

Thanks again for any help.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Cuda at 21:04:02 on 2011-11-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.3947 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Cuda\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://iknowsearch.net
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D3382E0-DBD8-46D4-A614-67C593A25B99} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\2456C6B696E6E233346353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\3343836445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\7394535303 : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\844534023556E637164796F6E6024374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\E4331414E4 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.iknowsearch.net/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-28 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-14 366152]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-3-28 2253120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-28 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-27 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys [2011-8-20 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-26 01:57:56 111408 ----a-w- C:\Windows\System32\drivers\54886717.sys
2011-11-26 01:21:59 78848 ----a-w- C:\Windows\KMSEmulator.exe
2011-11-26 01:10:16 111616 ----a-w- C:\Windows\SysWow64\g0Qol0.com
2011-11-26 01:05:34 -------- d-----w- C:\Program Files (x86)\NET Traffic Meter
2011-11-25 17:45:04 -------- d-----w- C:\Users\Cuda\AppData\Roaming\PhotoScape
2011-11-25 17:44:53 -------- d-----w- C:\Program Files (x86)\PhotoScape
2011-11-24 17:34:33 -------- d-----w- C:\Users\Cuda\AppData\Local\Microsoft Games
2011-11-24 00:32:51 -------- d-----w- C:\Program Files (x86)\LP
2011-11-23 23:49:36 -------- d-----we C:\Windows\system64
2011-11-17 01:58:15 -------- d-----w- C:\Program Files (x86)\Trident Web Solutions, Inc
2011-11-16 01:23:56 -------- d-----w- C:\Windows\pss
2011-11-11 17:19:47 -------- d-----w- C:\Users\Cuda\AppData\Local\Skyrim
2011-11-11 17:03:01 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-11 17:03:01 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-11 17:03:01 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-11 17:03:01 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-11 17:03:01 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-11 17:03:01 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-11 17:03:00 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-11-11 17:03:00 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-11-11 17:01:55 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-11-11 17:00:51 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2011-11-11 16:54:56 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-11 16:40:58 502256 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-11-10 00:01:54 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 00:01:54 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 00:01:27 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 00:00:58 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-06 17:46:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-05 01:54:25 -------- d-----w- C:\Users\Cuda\AppData\Local\Adobe
2011-11-05 01:27:56 98816 ----a-w- C:\Windows\sed.exe
2011-11-05 01:27:56 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-05 01:27:56 256000 ----a-w- C:\Windows\PEV.exe
2011-11-05 01:27:56 208896 ----a-w- C:\Windows\MBR.exe
2011-11-04 01:42:23 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-30 23:33:03 -------- d-----w- C:\Program Files\SAMSUNG
2011-10-30 23:31:07 -------- d-----w- C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2011-10-18 06:43:46 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2011-10-18 06:43:44 95928 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:05:04.01 ===============

ken545
2011-11-26, 15:41
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Cuda1337
2011-11-26, 20:47
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 14:28:36
-----------------------------
14:28:36.425 OS Version: Windows x64 6.1.7600
14:28:36.440 Number of processors: 8 586 0x2A07
14:28:36.440 ComputerName: CUDA-PC UserName: Cuda
14:28:38.437 Initialize success
14:28:43.523 AVAST engine defs: 11112601
14:28:46.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:28:46.222 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
14:28:46.237 Disk 0 MBR read successfully
14:28:46.237 Disk 0 MBR scan
14:28:46.237 Disk 0 Windows VISTA default MBR code
14:28:46.237 Service scanning
14:28:48.889 Modules scanning
14:28:48.889 Disk 0 trace - called modules:
14:28:48.905 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
14:28:48.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006619060]
14:28:48.905 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006482c80]
14:28:48.905 5 stdcfltn.sys[fffff8800184bc52] -> nt!IofCallDriver -> [0xfffffa8005f52e40]
14:28:48.920 7 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f54050]
14:28:50.496 AVAST engine scan C:\Windows
14:28:55.394 AVAST engine scan C:\Windows\system32
14:29:02.836 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
14:30:25.018 AVAST engine scan C:\Windows\system32\drivers
14:30:40.384 AVAST engine scan C:\Users\Cuda
14:33:17.006 File: C:\Users\Cuda\AppData\Local\Temp\akslsunobi **INFECTED** Win32:FakeAlert-BLY [Trj]
14:33:19.496 File: C:\Users\Cuda\AppData\Local\Temp\mgr.dll **INFECTED** Win32:FakeAlert-BLY [Trj]
14:33:29.730 File: C:\Users\Cuda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\54a13990-49a30161 **INFECTED** Win32:FakeAlert-BLY [Trj]
14:36:46.418 AVAST engine scan C:\ProgramData
14:46:15.405 Scan finished successfully
14:46:50.238 Disk 0 MBR has been saved successfully to "C:\Users\Cuda\Desktop\MBR.dat"
14:46:50.244 The log file has been saved successfully to "C:\Users\Cuda\Desktop\aswMBR.txt"

ken545
2011-11-26, 22:31
Yep, you have a few things going on, let's do this.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

Cuda1337
2011-11-26, 23:04
ComboFix 11-11-26.04 - Cuda 11/26/2011 16:47:25.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.3099 [GMT -5:00]
Running from: c:\users\Cuda\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 21:51 . 2011-11-26 21:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-26 21:51 . 2011-11-26 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 01:21 . 2011-11-26 19:28 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-11-26 01:10 . 2011-11-25 22:13 111616 ----a-w- c:\windows\SysWow64\g0Qol0.com
2011-11-26 01:05 . 2011-11-26 01:32 -------- d-----w- c:\program files (x86)\NET Traffic Meter
2011-11-25 17:45 . 2011-11-26 01:32 -------- d-----w- c:\users\Cuda\AppData\Roaming\PhotoScape
2011-11-25 17:44 . 2011-11-26 01:32 -------- d-----w- c:\program files (x86)\PhotoScape
2011-11-24 17:34 . 2011-11-24 17:35 -------- d-----w- c:\users\Cuda\AppData\Local\Microsoft Games
2011-11-17 01:58 . 2011-11-17 01:58 -------- d-----w- c:\program files (x86)\Trident Web Solutions, Inc
2011-11-11 17:19 . 2011-11-11 17:19 -------- d-----w- c:\users\Cuda\AppData\Local\Skyrim
2011-11-11 17:03 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-11 17:03 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-11 17:03 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-11 17:03 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-11 17:03 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-11 17:03 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-11 17:03 . 2010-02-04 15:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-11 17:03 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-11-11 17:01 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-11-11 17:00 . 2008-05-30 19:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-11-11 16:54 . 2011-11-11 17:19 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2011-11-10 00:01 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 00:01 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 00:01 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 00:00 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 01:54 . 2011-11-25 16:28 -------- d-----w- c:\users\Cuda\AppData\Local\Adobe
2011-11-04 01:42 . 2011-11-04 01:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-30 23:33 . 2011-10-30 23:33 -------- d-----w- c:\program files\SAMSUNG
2011-10-30 23:31 . 2011-10-30 23:31 -------- d-----w- c:\programdata\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 06:43 . 2011-10-18 06:43 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-10-18 06:43 . 2011-10-18 06:43 95928 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-10-15 08:53 . 2011-03-28 07:24 860992 ----a-w- c:\windows\system32\nvumdshimx.dll
2011-10-15 08:53 . 2011-03-28 07:24 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-11-29 12:35 1985841 ----a-w- c:\windows\system32\nvcoproc.bin
2011-10-15 08:53 . 2010-11-29 12:35 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-11-29 10:35 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2010-11-29 10:35 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-11-29 10:35 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-11-29 10:35 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-10-15 08:53 . 2010-11-29 10:35 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2010-11-29 10:35 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-10-15 08:53 . 2010-11-29 10:35 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2010-11-29 10:35 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-11-29 10:34 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-01 03:21 . 2011-10-12 22:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 22:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 21:00 . 2011-08-15 15:59 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-05_01.39.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-04-03 00:34 . 2008-10-27 14:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
+ 2011-11-11 17:01 . 2008-10-27 15:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
- 2011-04-03 00:34 . 2008-07-31 14:41 68616 c:\windows\SysWOW64\XAPOFX1_1.dll
+ 2011-11-11 17:01 . 2008-07-31 15:41 68616 c:\windows\SysWOW64\XAPOFX1_1.dll
+ 2011-11-11 17:01 . 2008-05-30 19:17 65032 c:\windows\SysWOW64\XAPOFX1_0.dll
- 2011-04-03 00:34 . 2008-05-30 18:17 65032 c:\windows\SysWOW64\XAPOFX1_0.dll
- 2011-04-03 00:34 . 2009-03-16 18:18 22360 c:\windows\SysWOW64\X3DAudio1_6.dll
+ 2011-11-11 17:02 . 2009-03-16 19:18 22360 c:\windows\SysWOW64\X3DAudio1_6.dll
- 2011-04-03 00:34 . 2008-10-27 14:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
+ 2011-11-11 17:01 . 2008-10-27 15:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
- 2011-04-03 00:34 . 2008-05-30 18:17 25608 c:\windows\SysWOW64\X3DAudio1_4.dll
+ 2011-11-11 17:01 . 2008-05-30 19:17 25608 c:\windows\SysWOW64\X3DAudio1_4.dll
- 2011-04-03 00:34 . 2008-03-05 20:00 25608 c:\windows\SysWOW64\X3DAudio1_3.dll
+ 2011-11-11 17:00 . 2008-03-05 21:00 25608 c:\windows\SysWOW64\X3DAudio1_3.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\SysWOW64\mfc100rus.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\SysWOW64\mfc100ita.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 62288 c:\windows\SysWOW64\mfc100ita.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\SysWOW64\mfc100esn.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-10-09 17:35 . 2011-11-04 22:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-10-09 17:35 . 2011-11-26 01:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-11-25 12:59 . 2011-11-26 03:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112520111126\index.dat
+ 2011-11-24 13:48 . 2011-11-25 02:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112420111125\index.dat
+ 2011-11-24 01:09 . 2011-11-24 03:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112320111124\index.dat
+ 2011-04-02 22:49 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-02 22:49 . 2011-11-05 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-26 02:45 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-10-22 11:12 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-02 22:49 . 2011-11-26 21:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-02 22:49 . 2011-11-05 01:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-02 22:49 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-02 22:49 . 2011-11-05 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-03 02:01 . 2011-11-05 01:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-03 02:01 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-03 02:01 . 2011-11-05 01:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-03 02:01 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 17:43 . 2011-07-21 17:43 27648 c:\windows\Installer\2003d42.msp
+ 2011-01-24 22:16 . 2011-01-24 22:16 14336 c:\windows\Installer\1fc8065.msp
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
+ 2011-11-23 08:04 . 2011-11-23 08:04 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-06-21 13:50 . 2011-06-21 13:50 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
- 2011-04-28 15:52 . 2011-04-28 15:52 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
- 2011-04-05 04:44 . 2011-04-05 04:44 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
+ 2011-11-23 08:02 . 2011-11-23 08:02 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-03-28 05:21 . 2011-11-19 15:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-03-28 05:21 . 2011-03-28 05:21 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
+ 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
- 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
- 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-10-20 20:43 . 2010-10-20 20:43 42880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDS.DLL
+ 2010-10-20 20:43 . 2010-10-20 20:43 46976 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDA.DLL
+ 2010-03-25 14:23 . 2010-03-25 14:23 31648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 40296 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RECALL.DLL
+ 2010-02-28 06:22 . 2010-02-28 06:22 48504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBTRAP.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 43352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLRPC.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 30560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLACCT.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 20864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MLSHEXT.DLL
+ 2010-10-20 20:43 . 2010-10-20 20:43 18816 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTMAPI.DLL
+ 2010-10-20 20:43 . 2010-10-20 20:43 11648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTGMAT.DLL
+ 2010-03-23 01:29 . 2010-03-23 01:29 87408 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\DLGSETP.DLL
- 2011-08-20 17:24 . 2011-08-20 17:24 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-11-25 17:47 . 2011-11-25 17:47 2638 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0VJAH68\EpicPlaySetup[1].exe
+ 2011-11-25 17:47 . 2011-11-25 17:48 2638 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65A3IZY0\EpicPlaySetup[1].exe
+ 2011-11-25 23:34 . 2011-11-25 23:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF871EC4-17BD-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:27 . 2011-11-25 23:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBBEEB6C-17BC-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:55 . 2011-11-25 23:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5254EE3-17C0-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-26 01:12 . 2011-11-26 01:12 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6BC1672-17CB-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:53 . 2011-11-25 23:53 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAFFA91D-17C0-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:32 . 2011-11-25 23:32 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B7FF86A4-17BD-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:30 . 2011-11-25 23:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D34C4D3-17BD-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:37 . 2011-11-25 23:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73DCF1C7-17BE-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:00 . 2011-11-25 23:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{54E21C24-17B9-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:57 . 2011-11-25 23:57 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3CB01B5F-17C1-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:35 . 2011-11-25 23:35 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39ECDBBA-17BE-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 23:28 . 2011-11-25 23:30 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{35ADF006-17BD-11E1-B0C6-BC773710FB34}.dat
+ 2011-11-25 22:59 . 2011-11-25 23:00 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16368F2A-17B9-11E1-B0C6-BC773710FB34}.dat
- 2011-11-05 01:37 . 2011-11-05 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-26 21:52 . 2011-11-26 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-26 21:52 . 2011-11-26 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-05 01:37 . 2011-11-05 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 05:01 . 2010-03-13 05:01 9592 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLCALL32.DLL
- 2011-04-03 00:34 . 2009-03-16 18:18 517448 c:\windows\SysWOW64\XAudio2_4.dll
+ 2011-11-11 17:02 . 2009-03-16 19:18 517448 c:\windows\SysWOW64\XAudio2_4.dll
- 2011-04-03 00:34 . 2008-10-27 14:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
+ 2011-11-11 17:01 . 2008-10-27 15:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
- 2011-04-03 00:34 . 2008-07-31 14:40 509448 c:\windows\SysWOW64\XAudio2_2.dll
+ 2011-11-11 17:01 . 2008-07-31 15:40 509448 c:\windows\SysWOW64\XAudio2_2.dll
- 2011-04-03 00:34 . 2008-05-30 18:19 507400 c:\windows\SysWOW64\XAudio2_1.dll
+ 2011-11-11 17:01 . 2008-05-30 19:19 507400 c:\windows\SysWOW64\XAudio2_1.dll
+ 2011-11-11 17:00 . 2008-03-05 21:03 479752 c:\windows\SysWOW64\XAudio2_0.dll
- 2011-04-03 00:34 . 2008-03-05 20:03 479752 c:\windows\SysWOW64\XAudio2_0.dll
- 2011-04-03 00:34 . 2009-09-04 21:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
+ 2011-11-11 17:02 . 2009-09-04 22:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
- 2011-04-03 00:34 . 2009-03-16 18:18 235352 c:\windows\SysWOW64\xactengine3_4.dll
+ 2011-11-11 17:02 . 2009-03-16 19:18 235352 c:\windows\SysWOW64\xactengine3_4.dll
+ 2011-11-11 17:01 . 2008-10-27 15:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
- 2011-04-03 00:34 . 2008-10-27 14:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
- 2011-04-03 00:34 . 2008-07-31 14:41 238088 c:\windows\SysWOW64\xactengine3_2.dll
+ 2011-11-11 17:01 . 2008-07-31 15:41 238088 c:\windows\SysWOW64\xactengine3_2.dll
+ 2011-11-11 17:01 . 2008-05-30 19:18 238088 c:\windows\SysWOW64\xactengine3_1.dll
- 2011-04-03 00:34 . 2008-05-30 18:18 238088 c:\windows\SysWOW64\xactengine3_1.dll
+ 2011-11-11 17:00 . 2008-03-05 21:03 238088 c:\windows\SysWOW64\xactengine3_0.dll
- 2011-04-03 00:34 . 2008-03-05 20:03 238088 c:\windows\SysWOW64\xactengine3_0.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 716608 c:\windows\SysWOW64\nvumdshim.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 330560 c:\windows\SysWOW64\nvoptimusmft.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 203072 c:\windows\SysWOW64\nvinit.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 301888 c:\windows\SysWOW64\nvdecodemft.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\SysWOW64\msvcr100.dll
- 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-11-11 17:02 . 2009-09-04 22:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
- 2011-04-03 00:34 . 2009-09-04 21:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
+ 2011-11-11 17:01 . 2008-10-15 11:22 452440 c:\windows\SysWOW64\d3dx10_40.dll
- 2011-04-08 21:58 . 2008-10-15 10:22 452440 c:\windows\SysWOW64\d3dx10_40.dll
- 2011-04-03 00:34 . 2008-07-10 15:01 467984 c:\windows\SysWOW64\d3dx10_39.dll
+ 2011-11-11 17:01 . 2008-07-10 16:01 467984 c:\windows\SysWOW64\d3dx10_39.dll
- 2011-04-03 00:34 . 2008-05-30 18:11 467984 c:\windows\SysWOW64\d3dx10_38.dll
+ 2011-11-11 17:01 . 2008-05-30 19:11 467984 c:\windows\SysWOW64\d3dx10_38.dll
- 2011-04-03 00:34 . 2008-02-06 03:07 462864 c:\windows\SysWOW64\d3dx10_37.dll
+ 2011-11-11 17:00 . 2008-02-06 04:07 462864 c:\windows\SysWOW64\d3dx10_37.dll
+ 2011-11-24 01:09 . 2011-11-24 01:06 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011103120111107\index.dat
+ 2011-10-09 16:48 . 2011-11-26 21:38 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-10-09 16:48 . 2011-11-05 01:28 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-03-18 13:15 . 2010-03-18 13:15 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\SysWOW64\atl100.dll
+ 2009-07-14 05:01 . 2011-11-26 21:52 509804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-05 01:36 509804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-26 15:17 . 2010-11-26 15:17 532992 c:\windows\Installer\3217ae3.msi
+ 2010-11-26 16:19 . 2010-11-26 16:19 620032 c:\windows\Installer\3217ad3.msi
+ 2010-11-26 18:32 . 2010-11-26 18:32 510976 c:\windows\Installer\3217ac3.msi
+ 2010-11-26 18:32 . 2010-11-26 18:32 607744 c:\windows\Installer\3217abb.msi
+ 2010-11-26 15:45 . 2010-11-26 15:45 606208 c:\windows\Installer\3217aa3.msi
+ 2010-11-26 16:19 . 2010-11-26 16:19 725504 c:\windows\Installer\3217a93.msi
+ 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\2003d2d.msi
+ 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\2003d26.msi
+ 2011-06-20 04:33 . 2011-06-20 04:33 407552 c:\windows\Installer\1fc8212.msp
+ 2011-03-17 23:19 . 2011-03-17 23:19 304128 c:\windows\Installer\1fc81fb.msp
+ 2010-07-22 07:43 . 2010-07-22 07:43 257024 c:\windows\Installer\1fc8180.msp
+ 2010-07-22 23:28 . 2010-07-22 23:28 287232 c:\windows\Installer\1fc813f.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\1fc80d1.msp
+ 2011-10-27 03:51 . 2011-10-27 03:51 592896 c:\windows\Installer\1fc805d.msp
+ 2011-08-22 04:19 . 2011-08-22 04:19 133120 c:\windows\Installer\1fc7fec.msp
+ 2011-02-20 04:08 . 2011-02-20 04:08 163840 c:\windows\Installer\1ba09b.msi
- 2011-08-07 19:08 . 2011-08-07 19:08 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-23 08:03 . 2011-11-23 08:03 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-11-17 01:58 . 2011-11-17 01:58 353118 c:\windows\Installer\{54E7C786-9DFC-437F-B79F-3EE6CECBEDCE}\_FD2A52CEF57BB0DDBD545B.exe
+ 2011-11-17 01:58 . 2011-11-17 01:58 353118 c:\windows\Installer\{54E7C786-9DFC-437F-B79F-3EE6CECBEDCE}\_B4192C41809B4D64202916.exe
+ 2010-02-28 06:33 . 2010-02-28 06:33 821664 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHSVC.EXE
+ 2010-02-28 06:33 . 2010-02-28 06:33 379808 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHBS.EXE
+ 2010-02-28 06:18 . 2010-02-28 06:18 105344 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\TRANSMGR.DLL
+ 2010-03-23 01:29 . 2010-03-23 01:29 340400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST64.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 329640 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST32.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 415088 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RTFHTML.DLL
+ 2010-03-01 08:56 . 2010-03-01 08:56 604024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBCONV.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 308584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PSTPRX32.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 329104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLPH.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 523656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLMIME.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 122720 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLCTL.DLL
+ 2010-02-28 08:41 . 2010-02-28 08:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL
+ 2010-02-28 08:41 . 2010-02-28 08:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL
+ 2010-03-30 00:26 . 2010-03-30 00:26 140144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
+ 2010-03-30 00:26 . 2010-03-30 00:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEM.EXE
+ 2010-02-28 08:41 . 2010-02-28 08:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL
+ 2010-02-28 08:41 . 2010-02-28 08:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL
+ 2010-03-01 09:19 . 2010-03-01 09:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL
+ 2010-03-01 08:53 . 2010-03-01 08:53 234384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSXP32.DLL
+ 2010-03-01 08:53 . 2010-03-01 08:53 724352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSMAIN.DLL
+ 2010-03-16 06:58 . 2010-03-16 06:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOUC.EXE
+ 2010-03-16 06:58 . 2010-03-16 06:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
+ 2010-01-10 01:50 . 2010-01-10 01:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSCONV97.DLL
+ 2010-03-01 08:56 . 2010-03-01 08:56 457104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MORPH9.DLL
+ 2010-03-23 01:29 . 2010-03-23 01:29 358240 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MIMEDIR.DLL
+ 2010-03-23 01:29 . 2010-03-23 01:29 272800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MAPIPH.DLL
+ 2010-03-23 01:30 . 2010-03-23 01:30 135016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IMPMAIL.DLL
+ 2010-02-28 08:41 . 2010-02-28 08:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
+ 2010-03-23 01:30 . 2010-03-23 01:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ENVELOPE.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CONTAB32.DLL
+ 2010-02-28 06:19 . 2010-02-28 06:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CLVIEW.EXE
+ 2011-11-26 01:20 . 2011-11-26 19:27 223744 c:\windows\assembly\temp\kwrd.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-09-14 10:45 . 2010-09-14 10:45 1119592 c:\windows\SysWOW64\sftldr_wow64.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 7041856 c:\windows\SysWOW64\nvwgf2um.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 2401088 c:\windows\SysWOW64\nvcuvid.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 2099520 c:\windows\SysWOW64\nvcuvenc.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 5578560 c:\windows\SysWOW64\nvcuda.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 2458432 c:\windows\SysWOW64\nvapi.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-04-03 00:34 . 2009-09-04 21:29 1892184 c:\windows\SysWOW64\D3DX9_42.dll
+ 2011-11-11 17:02 . 2009-09-04 22:29 1892184 c:\windows\SysWOW64\D3DX9_42.dll
- 2011-04-03 00:34 . 2009-03-09 19:27 4178264 c:\windows\SysWOW64\D3DX9_41.dll
+ 2011-11-11 17:02 . 2009-03-09 20:27 4178264 c:\windows\SysWOW64\D3DX9_41.dll
+ 2011-11-11 17:01 . 2008-10-15 11:22 4379984 c:\windows\SysWOW64\D3DX9_40.dll
- 2011-04-08 21:58 . 2008-10-15 10:22 4379984 c:\windows\SysWOW64\D3DX9_40.dll
+ 2011-11-11 17:01 . 2008-07-10 16:00 3851784 c:\windows\SysWOW64\D3DX9_39.dll
- 2011-04-03 00:34 . 2008-07-10 15:00 3851784 c:\windows\SysWOW64\D3DX9_39.dll
+ 2011-11-11 17:00 . 2008-05-30 19:11 3850760 c:\windows\SysWOW64\D3DX9_38.dll
- 2011-04-03 00:34 . 2008-05-30 18:11 3850760 c:\windows\SysWOW64\D3DX9_38.dll
+ 2011-11-11 17:00 . 2008-03-05 20:56 3786760 c:\windows\SysWOW64\D3DX9_37.dll
- 2011-04-03 00:34 . 2008-03-05 19:56 3786760 c:\windows\SysWOW64\D3DX9_37.dll
+ 2011-11-11 17:02 . 2009-09-04 22:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
- 2011-04-03 00:34 . 2009-09-04 21:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
- 2011-04-03 00:34 . 2009-09-04 21:29 1974616 c:\windows\SysWOW64\D3DCompiler_42.dll
+ 2011-11-11 17:02 . 2009-09-04 22:29 1974616 c:\windows\SysWOW64\D3DCompiler_42.dll
- 2011-04-08 21:58 . 2008-10-15 10:22 2036576 c:\windows\SysWOW64\D3DCompiler_40.dll
+ 2011-11-11 17:01 . 2008-10-15 11:22 2036576 c:\windows\SysWOW64\D3DCompiler_40.dll
+ 2011-11-11 17:01 . 2008-07-10 16:00 1493528 c:\windows\SysWOW64\D3DCompiler_39.dll
- 2011-04-03 00:34 . 2008-07-10 15:00 1493528 c:\windows\SysWOW64\D3DCompiler_39.dll
- 2011-04-03 00:34 . 2008-05-30 18:11 1491992 c:\windows\SysWOW64\D3DCompiler_38.dll
+ 2011-11-11 17:01 . 2008-05-30 19:11 1491992 c:\windows\SysWOW64\D3DCompiler_38.dll
+ 2011-11-11 17:00 . 2008-03-05 20:56 1420824 c:\windows\SysWOW64\D3DCompiler_37.dll
- 2011-04-03 00:34 . 2008-03-05 19:56 1420824 c:\windows\SysWOW64\D3DCompiler_37.dll
+ 2009-07-14 04:54 . 2011-11-26 21:53 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-26 21:53 8011776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-05 01:39 8011776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-26 21:53 6307840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-05 01:39 6307840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2011-11-23 08:23 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-16 02:15 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-03 00:13 . 2011-11-26 21:52 4485084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8645341-3787877179-1305212307-1001-8192.dat
+ 2008-09-15 18:41 . 2008-09-15 18:41 3025920 c:\windows\Installer\5009efa.msi
+ 2010-11-26 19:34 . 2010-11-26 19:34 9998336 c:\windows\Installer\3217aeb.msi
+ 2010-11-26 18:44 . 2010-11-26 18:44 3123200 c:\windows\Installer\3217adb.msi
+ 2010-11-26 14:04 . 2010-11-26 14:04 1911808 c:\windows\Installer\3217acb.msi
+ 2010-11-26 16:44 . 2010-11-26 16:44 1528320 c:\windows\Installer\3217ab3.msi
+ 2010-11-26 18:44 . 2010-11-26 18:44 3670016 c:\windows\Installer\3217a9b.msi
+ 2010-11-26 16:43 . 2010-11-26 16:43 1997312 c:\windows\Installer\3217a8b.msi
+ 2010-11-26 18:32 . 2010-11-26 18:32 2211328 c:\windows\Installer\3217a83.msi
+ 2011-03-18 00:20 . 2011-03-18 00:20 1961984 c:\windows\Installer\2003d0f.msp
+ 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\1fc822b.msp
+ 2011-10-22 20:21 . 2011-10-22 20:21 3463168 c:\windows\Installer\1fc81f3.msp
+ 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\1fc81a2.msp
+ 2011-03-08 18:36 . 2011-03-08 18:36 5902336 c:\windows\Installer\1fc8189.msp
+ 2011-10-27 03:45 . 2011-10-27 03:45 9177600 c:\windows\Installer\1fc8159.msp
+ 2011-07-21 17:45 . 2011-07-21 17:45 3809792 c:\windows\Installer\1fc8107.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\1fc80db.msp
+ 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\1fc8081.msp
+ 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\1fc802d.msi
+ 2011-08-22 04:18 . 2011-08-22 04:18 1585152 c:\windows\Installer\1fc7fe4.msp
+ 2011-08-07 19:13 . 2011-11-23 08:05 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-08-07 19:13 . 2011-11-23 08:05 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2011-08-07 19:13 . 2011-08-07 19:13 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-01 09:20 . 2010-03-01 09:20 2102656 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
+ 2010-02-28 06:33 . 2010-02-28 06:33 3207072 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.EXE
+ 2010-02-28 06:33 . 2010-02-28 06:33 4817336 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.DLL
+ 2010-03-25 00:28 . 2010-03-25 00:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLICONS.EXE
+ 2010-03-27 12:45 . 2010-03-27 12:45 5460312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WRD12CNV.DLL
+ 2010-03-25 00:28 . 2010-03-25 00:28 1858400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WORDICON.EXE
+ 2010-03-27 12:38 . 2010-03-27 12:38 1422168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WINWORD.EXE
+ 2010-03-25 14:23 . 2010-03-25 14:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
+ 2010-03-25 00:28 . 2010-03-25 00:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPTICO.EXE
+ 2010-03-09 13:57 . 2010-03-09 13:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPCORE.DLL
+ 2009-07-23 14:01 . 2009-07-23 14:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT
+ 2010-03-30 12:29 . 2010-03-30 12:29 9182056 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONMAIN.DLL
+ 2010-03-30 12:29 . 2010-03-30 12:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTE.EXE
+ 2010-03-23 14:57 . 2010-03-23 14:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OLMAPI32.DLL
+ 2010-03-01 09:20 . 2010-03-01 09:20 2323840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKWORD.DLL
+ 2010-03-01 09:20 . 2010-03-01 09:20 2102656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
+ 2010-03-01 09:20 . 2010-03-01 09:20 3355008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKEXCEL.DLL
+ 2011-11-11 17:12 . 2011-11-11 17:12 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 17:12 . 2011-11-11 17:12 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-20 17:24 . 2011-08-20 17:24 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 18871616 c:\windows\SysWOW64\nvoglv32.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 13205312 c:\windows\SysWOW64\nvd3dum.dll
+ 2011-11-12 21:42 . 2011-10-15 08:53 17248576 c:\windows\SysWOW64\nvcompiler.dll
+ 2011-07-04 02:04 . 2011-07-04 02:04 26916352 c:\windows\Installer\37131.msi
+ 2010-11-26 18:21 . 2010-11-26 18:21 12719104 c:\windows\Installer\3217aab.msi
+ 2010-08-13 19:08 . 2010-08-13 19:08 41272320 c:\windows\Installer\1fc81dc.msp
+ 2011-07-21 17:36 . 2011-07-21 17:36 66808320 c:\windows\Installer\1fc81c2.msp
+ 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\1fc8120.msp
+ 2010-11-11 17:52 . 2010-11-11 17:52 13486592 c:\windows\Installer\1fc80c8.msp
+ 2011-08-22 04:14 . 2011-08-22 04:14 20647936 c:\windows\Installer\1fc80b1.msp
+ 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\1fc804d.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\1fc8003.msp
+ 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\1fc7fcc.msp
+ 2011-03-08 18:33 . 2011-03-08 18:33 54645248 c:\windows\Installer\1fc7f9b.msp
+ 2011-11-19 15:23 . 2011-11-19 15:23 20333568 c:\windows\Installer\122ead77.msp
+ 2010-03-13 19:08 . 2010-03-13 19:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-23 00:36 . 2010-03-23 00:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\MSORES.DLL
+ 2010-03-13 04:50 . 2010-03-13 04:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XL12CNV.EXE
+ 2010-03-27 12:38 . 2010-03-27 12:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WWLIB.DLL
+ 2010-03-23 14:57 . 2010-03-23 14:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLOOK.EXE
+ 2010-03-13 04:05 . 2010-03-13 04:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 19:08 . 2010-03-13 19:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-01 08:56 . 2010-03-01 08:56 10272104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPUB.EXE
+ 2010-03-23 00:36 . 2010-03-23 00:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSORES.DLL
+ 2010-03-25 14:25 . 2010-03-25 14:25 30969208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GROOVE.EXE
+ 2010-03-13 18:53 . 2010-03-13 18:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

Cuda1337
2011-11-26, 23:04
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-08-21 19952]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys [2008-07-27 14544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\At10.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At12.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At14.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At16.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At18.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At2.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At20.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At22.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At24.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At26.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At28.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At30.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At32.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At34.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-25 c:\windows\Tasks\At36.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-25 c:\windows\Tasks\At38.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At4.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At40.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At42.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At44.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At46.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At48.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At6.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At8.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-08-07 19:05]
.
2011-11-26 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-08-07 19:05]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001Core.job
- c:\users\Cuda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 17:57]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001UA.job
- c:\users\Cuda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 17:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF19160.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://iknowsearch.net
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.iknowsearch.net/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-01220171.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-11-26 16:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 21:58
ComboFix2.txt 2011-11-06 17:50
ComboFix3.txt 2011-11-05 19:59
ComboFix4.txt 2011-11-05 01:43
.
Pre-Run: 60,613,726,208 bytes free
Post-Run: 60,602,261,504 bytes free
.
- - End Of File - - 0C678F7418F264E6EEE261E7DA432A8C

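The part of the ComboFix log above that a responder would read first is the 'Scheduled Tasks' section: two dozen At*.job entries, all created within the same minute and all pointing at the same .com file in system32. The Python script below is an added illustration, not part of the original post and not a ComboFix feature: it parses that section of a ComboFix log and flags tasks on three heuristics, an At<N>.job name (the naming at.exe uses for jobs it creates), a target with a rarely legitimate executable extension, and many jobs sharing one target. The sample input is constructed in the log's layout from a few of the entries above; the reason labels, extension list and threshold are assumptions of this example. It does not pass judgement on the AutoKMS tasks, which match none of the three rules.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the layout of the "Contents of the 'Scheduled Tasks'
# folder" section of a ComboFix log: three of the At*.job entries from the
# thread plus the AutoKMS and GoogleUpdate tasks, nothing else.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\At10.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\At12.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-25 c:\windows\Tasks\At36.job
- c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
.
2011-11-26 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-08-07 19:05]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001Core.job
- c:\users\Cuda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 17:57]
.
.
--------- x86-64 -----------
"""

# A task is two lines: "<date> <job path>.job" then "- <target> [<timestamp>]".
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+?\.job)\s*$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]+)\]\s*$")
AT_JOB_NAME = re.compile(r"^At\d+\.job$", re.IGNORECASE)

# Executable extensions that are rarely the target of a legitimate task
# (assumed list for this example).
RARE_EXECUTABLE_EXTS = {".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
SHARED_TARGET_MIN = 3  # assumed threshold: this many jobs on one target is odd


def parse_tasks(log_text):
    """Return [(job_path, target_path, timestamp)] pairs found in the log text."""
    tasks, pending = [], None
    for line in log_text.splitlines():
        text = line.strip()
        m = JOB_LINE.match(text)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_LINE.match(text)
        if m and pending is not None:
            tasks.append((pending, m.group("target"), m.group("stamp")))
        pending = None  # a job line must be followed directly by its target
    return tasks


def triage_tasks(log_text):
    """Return {job_path: [reason, ...]} for the tasks that trip at least one rule."""
    tasks = parse_tasks(log_text)
    per_target = Counter(target.lower() for _, target, _ in tasks)
    findings = {}
    for job, target, _stamp in tasks:
        reasons = []
        if AT_JOB_NAME.match(PureWindowsPath(job).name):
            reasons.append("at-job")  # named the way at.exe names its jobs
        if PureWindowsPath(target).suffix.lower() in RARE_EXECUTABLE_EXTS:
            reasons.append("rare-extension")
        if per_target[target.lower()] >= SHARED_TARGET_MIN:
            reasons.append("shared-target")
        if reasons:
            findings[job] = reasons
    return findings


if __name__ == "__main__":
    for job, reasons in triage_tasks(SAMPLE_LOG).items():
        print(f"{job}: {', '.join(reasons)}")
```

Run against the full log text, every At*.job entry above trips all three rules, while the AutoKMS and GoogleUpdate tasks trip none; the output is a shortlist for the helper to check, not a verdict.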
Cuda1337
2011-11-26, 23:05
Oh - and the GooredFix log:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:45 on 26/11/2011 (Cuda)
Firefox version 8.0 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:12 05/11/2011]

C:\Users\Cuda\Application Data\Mozilla\Firefox\Profiles\ldkaumgk.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

ken545
2011-11-26, 23:16
Hi,

You have a very long and complicated ComboFix log. I need to look it over very closely, and I will be away until tomorrow morning, so in the meantime let's do this.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Cuda1337
2011-11-26, 23:30
TDSSKiller found nothing.

Here is the OTL.txt

OTL logfile created on: 11/26/2011 5:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cuda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.20% Memory free
11.83 Gb Paging File | 10.37 Gb Available in Paging File | 87.67% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 56.29 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
Drive D: | 192.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CUDA-PC | User Name: Cuda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cuda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- C:\Users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys (OpenLibSys.org)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://iknowsearch.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 09:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/30 22:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/02 17:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cuda\AppData\Roaming\Mozilla\Extensions
[2011/09/17 17:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\extensions
[2011/11/11 09:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 09:59:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 09:59:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: James White = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Alexa Traffic Rank = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
CHR - Extension: AdBlock = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\
CHR - Extension: TweetDeck = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8.2_0\
CHR - Extension: Flixster = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: HootSuite = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.243_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.4.3_0\
CHR - Extension: Reddit Pictures /pics.fefoo/ = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pafcjefdljlmkjchkghlekjhpiaccpbp\1.2_0\

O1 HOSTS File: ([2011/11/26 16:53:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D3382E0-DBD8-46D4-A614-67C593A25B99}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/07 15:08:54 | 000,000,054 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 17:21:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cuda\Desktop\OTL.exe
[2011/11/26 16:58:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/26 16:53:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/26 16:45:37 | 000,000,000 | ---D | C] -- C:\Users\Cuda\Desktop\GooredFix Backups
[2011/11/26 16:43:12 | 004,309,325 | R--- | C] (Swearware) -- C:\Users\Cuda\Desktop\ComboFix.exe
[2011/11/26 16:42:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Cuda\Desktop\GooredFix.exe
[2011/11/26 14:22:24 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Cuda\Desktop\aswMBR.exe
[2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
[2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
[2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NET Traffic Meter
[2011/11/25 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Roaming\PhotoScape
[2011/11/25 12:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/11/25 12:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2011/11/24 12:34:33 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Microsoft Games
[2011/11/16 20:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trident Web Solutions, Inc
[2011/11/15 20:23:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/12 16:42:00 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/12 16:42:00 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/12 16:42:00 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/12 16:42:00 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/12 16:42:00 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/12 16:42:00 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/12 16:42:00 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/11/12 16:42:00 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/12 16:42:00 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/12 16:42:00 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/12 16:42:00 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/12 16:42:00 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/12 16:42:00 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/12 16:42:00 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/12 16:42:00 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/12 16:42:00 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/11/12 16:42:00 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/11/12 16:42:00 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/11/12 16:42:00 | 000,716,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2011/11/12 16:42:00 | 000,371,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
[2011/11/12 16:42:00 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2011/11/12 16:42:00 | 000,330,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoptimusmft.dll
[2011/11/12 16:42:00 | 000,301,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2011/11/12 16:42:00 | 000,249,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys
[2011/11/12 16:42:00 | 000,241,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2011/11/12 16:42:00 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2011/11/12 16:42:00 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/11/12 16:42:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/12 16:42:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/12 16:42:00 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/11/12 16:42:00 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2011/11/11 12:19:47 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Skyrim
[2011/11/11 12:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/11 12:03:01 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/11 12:03:01 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/11 12:03:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/11 12:03:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/11 12:03:01 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/11 12:03:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/11 12:03:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/11 12:03:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/11 12:02:57 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/11/11 12:02:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/11/11 12:02:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/11/11 12:02:50 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/11/11 12:02:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/11/11 12:02:40 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/11/11 12:02:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/11/11 12:02:33 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/11/11 12:02:33 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/11/11 12:02:29 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/11/11 12:02:29 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/11/11 12:02:21 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/11/11 12:02:21 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/11/11 12:02:11 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/11/11 12:02:11 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/11/11 12:02:07 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/11/11 12:02:07 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/11/11 12:02:07 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/11/11 12:02:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/11/11 12:02:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/11/11 12:02:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/11/11 12:02:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/11/11 12:01:55 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/11/11 12:01:55 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/11/11 12:01:55 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/11/11 12:01:55 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/11/11 12:01:46 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/11/11 12:01:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/11/11 12:01:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/11/11 12:01:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/11/11 12:01:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/11/11 12:01:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/11/11 12:01:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/11/11 12:01:40 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/11/11 12:01:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/11/11 12:01:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/11/11 12:01:33 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/11/11 12:01:33 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/11/11 12:01:33 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/11/11 12:01:33 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/11/11 12:01:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/11/11 12:01:30 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/11/11 12:01:27 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/11/11 12:01:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/11/11 12:01:27 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/11/11 12:01:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/11/11 12:01:19 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/11/11 12:01:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/11/11 12:01:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/11/11 12:01:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/11/11 12:01:11 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/11/11 12:01:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/11/11 12:01:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/11/11 12:01:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/11/11 12:01:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/11/11 12:01:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/11/11 12:01:01 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/11/11 12:01:01 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/11/11 12:01:01 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/11/11 12:01:01 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/11/11 12:00:51 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/11/11 12:00:51 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/11/11 12:00:47 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/11/11 12:00:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/11/11 12:00:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/11/11 12:00:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/11/11 12:00:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/11/11 12:00:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/11/11 12:00:38 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/11/11 12:00:38 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/11/11 12:00:38 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/11/11 12:00:38 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/11/11 12:00:31 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/11/11 12:00:31 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/11/11 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/04 20:54:25 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Adobe
[2011/11/04 20:27:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 20:27:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 20:27:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/04 20:27:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/04 20:27:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/03 20:42:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/30 18:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2011/10/30 18:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2 C:\Users\Cuda\Desktop\*.tmp files -> C:\Users\Cuda\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 17:21:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cuda\Desktop\OTL.exe
[2011/11/26 17:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/26 17:07:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 17:07:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 17:04:27 | 000,784,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/26 17:04:27 | 000,663,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/26 17:04:27 | 000,122,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/26 17:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001UA.job
[2011/11/26 17:00:38 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/11/26 17:00:37 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/11/26 17:00:32 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/11/26 16:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 16:59:36 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 16:53:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/26 16:43:24 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Cuda\Desktop\ComboFix.exe
[2011/11/26 16:42:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Cuda\Desktop\GooredFix.exe
[2011/11/26 16:38:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001Core.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/26 14:46:50 | 000,000,512 | ---- | M] () -- C:\Users\Cuda\Desktop\MBR.dat
[2011/11/26 14:27:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/26 14:27:48 | 755,290,210 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 14:22:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Cuda\Desktop\aswMBR.exe
[2011/11/26 14:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/26 09:33:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/25 23:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/25 22:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/25 21:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/25 21:09:21 | 000,003,036 | ---- | M] () -- C:\Users\Cuda\Desktop\Attach.zip
[2011/11/25 20:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/25 19:59:53 | 000,001,243 | ---- | M] () -- C:\Users\Cuda\Desktop\Install Bandwidth Monitor Pro.lnk
[2011/11/25 19:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/25 18:25:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/25 17:16:41 | 000,000,112 | ---- | M] () -- C:\ProgramData\2jHiLI.dat
[2011/11/25 17:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com.b
[2011/11/25 17:13:53 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com
[2011/11/24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cuda\Desktop\TDSSKiller.exe
[2011/11/23 18:50:17 | 000,001,211 | ---- | M] () -- C:\Users\Cuda\AppData\Roaming\ahst.lni
[2011/11/23 14:07:39 | 000,000,132 | ---- | M] () -- C:\Users\Cuda\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/23 03:02:57 | 000,800,940 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/13 03:17:24 | 005,023,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/30 18:48:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2 C:\Users\Cuda\Desktop\*.tmp files -> C:\Users\Cuda\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 14:46:50 | 000,000,512 | ---- | C] () -- C:\Users\Cuda\Desktop\MBR.dat
[2011/11/25 21:09:21 | 000,003,036 | ---- | C] () -- C:\Users\Cuda\Desktop\Attach.zip
[2011/11/25 20:21:59 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/11/25 20:10:16 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com
[2011/11/25 19:59:53 | 000,001,243 | ---- | C] () -- C:\Users\Cuda\Desktop\Install Bandwidth Monitor Pro.lnk
[2011/11/25 17:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com.b
[2011/11/25 17:11:19 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/25 17:11:19 | 000,000,112 | ---- | C] () -- C:\ProgramData\2jHiLI.dat
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/23 18:49:56 | 000,001,211 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\ahst.lni
[2011/11/23 14:07:39 | 000,000,132 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/16 20:58:16 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iKnow Image Crop 1.6.3.lnk
[2011/11/04 21:12:35 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/04 20:27:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 20:27:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 20:27:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 20:27:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 20:27:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/30 18:48:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2011/08/10 20:20:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/07 14:05:21 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2011/08/07 14:05:21 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/06/14 20:36:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/12 17:26:28 | 000,003,584 | ---- | C] () -- C:\Users\Cuda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 23:44:45 | 000,800,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/02 21:37:37 | 000,000,565 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\myMPQ.ini
[2011/03/29 02:09:14 | 000,000,120 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\4c223628.dat
[2011/03/28 02:24:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/28 02:24:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/28 02:24:10 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/28 02:24:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/04/20 19:21:16 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/02 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\App Launcher Gadget
[2011/07/04 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\avidemux
[2011/04/02 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\DAEMON Tools Lite
[2011/08/30 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Executor
[2011/09/12 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Leadertech
[2011/04/26 08:43:42 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Mimo
[2011/05/31 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Personal Video Database
[2011/11/25 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\PhotoScape
[2011/05/30 18:31:59 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\PMS
[2011/11/15 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Rainmeter
[2011/08/16 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\SoftGrid Client
[2011/07/19 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Sports Interactive
[2011/11/25 20:19:18 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Spotify
[2011/02/15 15:27:57 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\System
[2011/08/20 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\SystemRequirementsLab
[2011/04/11 07:56:50 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\The Creative Assembly
[2011/08/30 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Thunderbird
[2011/04/04 23:45:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\TP
[2011/05/03 08:47:51 | 000,000,000 | -HSD | M] -- C:\Users\Cuda\AppData\Roaming\wyUpdate AU
[2011/07/05 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Xilisoft
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/11/26 09:33:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/11/26 14:27:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/11/26 14:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/11/26 17:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/11/25 18:25:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/11/25 19:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/11/25 20:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/11/25 21:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/11/25 22:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/11/25 23:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/26 17:00:38 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/11/26 17:00:37 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011/08/04 08:48:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >



Didn't have an extras.txt

ken545
2011-11-26, 23:46
Did you set this as your homepage? Can you tell me what it is? I am kind of leery going into a site I know nothing about.

FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"

Cuda1337
2011-11-27, 00:24
Did you set this as your homepage? Can you tell me what it is? I am kind of leery going into a site I know nothing about.

FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"



I did not. It keeps popping up every time I load my browser.

ken545
2011-11-27, 04:49
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"
[2011/11/26 17:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/26 14:27:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/26 14:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/26 09:33:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/25 23:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/25 22:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/25 21:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/25 20:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/25 19:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/25 18:25:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/25 17:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com.b
[2011/11/25 17:13:53 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com
[2011/11/25 20:10:16 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com
[2011/11/25 17:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com.b
[2011/11/25 17:11:19 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Windows:


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.




Then, drag Combofix to the trash and use the links I provided earlier to download a fresh copy, follow the instructions to run it and post a new log please
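
For anyone reading this thread later, the items ken545 picked out of the OTL report (the twenty-four At*.job tasks created within five seconds of each other, the unsigned random-named g0Qol0.com in SysWow64, and the alternate data streams) can be found the same way by a small script. The following is an added example written for this page, not part of OTL or of ken545's fix; the sample lines are copied from the OTL report posted above, and the three heuristics (task-creation burst, unsigned mixed-case-plus-digits file name under %WINDIR% or ProgramData, any non-empty ADS) are my own rough rules, not OTL logic.

```python
"""Triage helper for OTL-style file listings (added example, not an OTL feature).

Parses the "[date | size | attrs | C/M] (Company) -- path" entries and the
"@Alternate Data Stream" lines OTL emits, and flags three patterns a helper
looks for when reading such a log by eye:
  * a burst of scheduled-task .job files created within seconds of each other,
  * unsigned (no company name) files with random-looking names under Windows
    or ProgramData,
  * alternate data streams with content.
"""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Heuristic: 5-12 alphanumerics mixing digits, lower and upper case (e.g. g0Qol0).
RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{5,12}$")

# Constructed excerpt: a few entries copied from the OTL report in this thread.
# The signed Microsoft DLL and the Qoobox directory show what is NOT flagged.
SAMPLE_LOG = """\
[2011/11/11 12:00:51 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\D3DX9_38.dll
[2011/11/04 20:27:48 | 000,000,000 | ---D | C] -- C:\\Qoobox
[2011/11/25 20:10:16 | 000,111,616 | ---- | C] () -- C:\\Windows\\SysWow64\\g0Qol0.com
[2011/11/25 17:14:17 | 000,000,000 | ---- | C] () -- C:\\Windows\\SysWow64\\g0Qol0.com.b
[2011/11/25 17:11:19 | 000,000,346 | ---- | C] () -- C:\\Windows\\tasks\\At48.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\\Windows\\tasks\\At46.job
[2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\\Windows\\tasks\\At44.job
[2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\\Windows\\tasks\\At34.job
[2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\\Windows\\tasks\\At2.job
[2011/08/07 14:05:21 | 000,000,184 | ---- | C] () -- C:\\Windows\\AutoKMS.ini
@Alternate Data Stream - 121 bytes -> C:\\ProgramData\\Temp:DFC5A2B2
@Alternate Data Stream - 108 bytes -> C:\\Windows:
"""


def parse(text):
    """Split an OTL report into file entries and ADS records."""
    entries, streams = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = d["company"] or ""   # directories carry no (Company)
            d["is_dir"] = "D" in d["attrs"]
            entries.append(d)
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({"path": m.group("path"), "size": int(m.group("size"))})
    return entries, streams


def job_bursts(entries, window=timedelta(seconds=60), min_count=3):
    """Groups of .job files whose creation times all fall within `window`."""
    jobs = sorted(
        (e["ts"], e["path"]) for e in entries
        if e["kind"] == "C" and e["path"].lower().endswith(".job")
    )
    bursts, i = [], 0
    while i < len(jobs):
        j = i
        while j + 1 < len(jobs) and jobs[j + 1][0] - jobs[i][0] <= window:
            j += 1
        group = [p for _, p in jobs[i:j + 1]]
        if len(group) >= min_count:
            bursts.append(group)
        i = j + 1
    return bursts


def unsigned_random_names(entries):
    """Files with no company name and a random-looking stem in system locations."""
    hits = set()
    for e in entries:
        if e["is_dir"] or e["company"]:
            continue
        low = e["path"].lower()
        if "\\windows\\" not in low and "\\programdata\\" not in low:
            continue
        stem = e["path"].rsplit("\\", 1)[-1].split(".")[0]
        if RANDOM_STEM.match(stem):
            hits.add(e["path"])
    return sorted(hits)


def triage(text):
    """Run all three checks and return the findings keyed by check name."""
    entries, streams = parse(text)
    return {
        "job_bursts": job_bursts(entries),
        "unsigned_random_names": unsigned_random_names(entries),
        "alternate_data_streams": [s["path"] for s in streams if s["size"] > 0],
    }


if __name__ == "__main__":
    for name, found in triage(SAMPLE_LOG).items():
        print(name, found)
```

Run against the excerpt it reports one burst of five .job files starting with At2.job, the two g0Qol0 files, and both streams, while the Microsoft DLL, the Qoobox directory and AutoKMS.ini pass. The name heuristic is deliberately narrow (it ignores all-lowercase names such as neoqaz2.dll), so treat its output as a starting list for manual review, not a verdict.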

Cuda1337
2011-11-27, 05:53
All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "http://www.iknowsearch.net/" removed from browser.startup.homepage
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\SysWOW64\g0Qol0.com.b moved successfully.
C:\Windows\SysWOW64\g0Qol0.com moved successfully.
File C:\Windows\SysWow64\g0Qol0.com not found.
File C:\Windows\SysWow64\g0Qol0.com.b not found.
File C:\Windows\tasks\At48.job not found.
File C:\Windows\tasks\At46.job not found.
File C:\Windows\tasks\At44.job not found.
File C:\Windows\tasks\At42.job not found.
File C:\Windows\tasks\At40.job not found.
File C:\Windows\tasks\At38.job not found.
File C:\Windows\tasks\At36.job not found.
File C:\Windows\tasks\At34.job not found.
File C:\Windows\tasks\At32.job not found.
File C:\Windows\tasks\At30.job not found.
File C:\Windows\tasks\At28.job not found.
File C:\Windows\tasks\At26.job not found.
File C:\Windows\tasks\At24.job not found.
File C:\Windows\tasks\At22.job not found.
File C:\Windows\tasks\At20.job not found.
File C:\Windows\tasks\At18.job not found.
File C:\Windows\tasks\At16.job not found.
File C:\Windows\tasks\At14.job not found.
File C:\Windows\tasks\At12.job not found.
File C:\Windows\tasks\At10.job not found.
File C:\Windows\tasks\At8.job not found.
File C:\Windows\tasks\At6.job not found.
File C:\Windows\tasks\At4.job not found.
File C:\Windows\tasks\At2.job not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
Unable to delete ADS C:\Windows: .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4909:23d8:654d:fac8%13
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{EE4C198B-A4C4-4CBF-B9AC-89F88F18467F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A472C05C-4A54-4D4C-B1C3-C3ECF3B61BBD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{73904032-125D-47F0-9092-B2B6EA0C2C49}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {260A4E07-825E-4A91-AB91-813F36DE6055}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28dc:2821:b89b:41b
Link-local IPv6 Address . . . . . : fe80::28dc:2821:b89b:41b%18
Default Gateway . . . . . . . . . : ::
C:\Users\Cuda\Desktop\cmd.bat deleted successfully.
C:\Users\Cuda\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::4909:23d8:654d:fac8%13
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{EE4C198B-A4C4-4CBF-B9AC-89F88F18467F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A472C05C-4A54-4D4C-B1C3-C3ECF3B61BBD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{73904032-125D-47F0-9092-B2B6EA0C2C49}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {260A4E07-825E-4A91-AB91-813F36DE6055}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8eb:3c40:3f57:fefd
Link-local IPv6 Address . . . . . : fe80::8eb:3c40:3f57:fefd%18
Default Gateway . . . . . . . . . : ::
C:\Users\Cuda\Desktop\cmd.bat deleted successfully.
C:\Users\Cuda\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cuda\Desktop\cmd.bat deleted successfully.
C:\Users\Cuda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Cuda
->Temp folder emptied: 5391503 bytes
->Temporary Internet Files folder emptied: 773980 bytes
->Java cache emptied: 22502239 bytes
->FireFox cache emptied: 186436079 bytes
->Google Chrome cache emptied: 6243486 bytes
->Flash cache emptied: 31077 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 16819138384 bytes

Total Files Cleaned = 16,251.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11262011_234909

Files\Folders moved on Reboot...
C:\Users\Cuda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Cuda1337
2011-11-27, 06:07
This log was far too long to post from ComboFix. I would have had to split it up into 10 different posts, so I decided to zip and attach it. Here it is.

ken545
2011-11-27, 12:47
That's fine.

Rerun aswMBR just to scan, don't fix anything, and post the new log.


Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe, then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Cuda1337
2011-11-27, 14:51
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 14:28:36
-----------------------------
14:28:36.425 OS Version: Windows x64 6.1.7600
14:28:36.440 Number of processors: 8 586 0x2A07
14:28:36.440 ComputerName: CUDA-PC UserName: Cuda
14:28:38.437 Initialize success
14:28:43.523 AVAST engine defs: 11112601
14:28:46.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:28:46.222 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
14:28:46.237 Disk 0 MBR read successfully
14:28:46.237 Disk 0 MBR scan
14:28:46.237 Disk 0 Windows VISTA default MBR code
14:28:46.237 Service scanning
14:28:48.889 Modules scanning
14:28:48.889 Disk 0 trace - called modules:
14:28:48.905 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
14:28:48.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006619060]
14:28:48.905 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006482c80]
14:28:48.905 5 stdcfltn.sys[fffff8800184bc52] -> nt!IofCallDriver -> [0xfffffa8005f52e40]
14:28:48.920 7 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f54050]
14:28:50.496 AVAST engine scan C:\Windows
14:28:55.394 AVAST engine scan C:\Windows\system32
14:29:02.836 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
14:30:25.018 AVAST engine scan C:\Windows\system32\drivers
14:30:40.384 AVAST engine scan C:\Users\Cuda
14:33:17.006 File: C:\Users\Cuda\AppData\Local\Temp\akslsunobi **INFECTED** Win32:FakeAlert-BLY [Trj]
14:33:19.496 File: C:\Users\Cuda\AppData\Local\Temp\mgr.dll **INFECTED** Win32:FakeAlert-BLY [Trj]
14:33:29.730 File: C:\Users\Cuda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\54a13990-49a30161 **INFECTED** Win32:FakeAlert-BLY [Trj]
14:36:46.418 AVAST engine scan C:\ProgramData
14:46:15.405 Scan finished successfully
14:46:50.238 Disk 0 MBR has been saved successfully to "C:\Users\Cuda\Desktop\MBR.dat"
14:46:50.244 The log file has been saved successfully to "C:\Users\Cuda\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-27 08:50:13
-----------------------------
08:50:13.109 OS Version: Windows x64 6.1.7600
08:50:13.109 Number of processors: 8 586 0x2A07
08:50:13.110 ComputerName: CUDA-PC UserName: Cuda
08:50:14.638 Initialize success
08:50:25.930 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:50:25.933 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
08:50:25.950 Disk 0 MBR read successfully
08:50:25.953 Disk 0 MBR scan
08:50:25.956 Disk 0 Windows VISTA default MBR code
08:50:25.959 Service scanning
08:50:27.377 Modules scanning
08:50:27.386 Disk 0 trace - called modules:
08:50:27.432 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
08:50:27.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e9e060]
08:50:27.442 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8007d06cb0]
08:50:27.446 5 stdcfltn.sys[fffff8800164bc52] -> nt!IofCallDriver -> [0xfffffa8005f5cd10]
08:50:27.450 7 ACPI.sys[fffff88000f58781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f60050]
08:50:27.455 Scan finished successfully
08:50:37.525 Disk 0 MBR has been saved successfully to "C:\Users\Cuda\Desktop\MBR.dat"
08:50:37.541 The log file has been saved successfully to "C:\Users\Cuda\Desktop\aswMBR.txt"

Cuda1337
2011-11-27, 14:53
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.ZZ.11.KWAPAH
----- EOF -----

ken545
2011-11-27, 15:44
Looks like the CKScanner log has been altered, can you explain?

Cuda1337
2011-11-27, 16:01
Just ran it again and this is what I get...



CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.RKGLPN
----- EOF -----

ken545
2011-11-27, 17:59
How many times have you actually run CKScanner, the instructions state to run it just once unless asked to run it again

Cuda1337
2011-11-27, 18:54
How many times have you actually run CKScanner, the instructions state to run it just once unless asked to run it again

I had only run it that one time until you asked me about that scan result, so I ran it again to make sure I hadn't done something wrong. Sorry for the confusion.

ken545
2011-11-27, 19:18
There is no confusion. CKScanner has been run many more times than just twice and the logs have been altered.

When a user posts for help, there is a certain amount of trust between the user and the person helping you. You trust me to provide professional help to clean your system and in return I trust you to provide the information via logs that I ask for. By altering that information you have broken that trust, and I am no longer bound to help you.

This thread is now closed