iexplorer.exe infected help!.

Well, iexplorer.exe is still running 24/7 and is starting to consume a lot of memory, around 100,000K+ in Task Manager. I am still being redirected to random sites sometimes also, and I still have my email application downloading the same emails which I have received every time. For example, every 15 minutes I believe my email checks the server. I'll use Spybot's notification email as an example (I've received approx. 6 emails from Spybot telling me you've replied); however, every time my email application (Mozilla Thunderbird) checks for new emails every 15 minutes, it will download all the Spybot alerts which I already have. Do the math: 5 hours = 300 emails, now that's assuming that I only receive emails from Spybot... which I don't, so yeah, I have mega spam. Overall, whatever infected me is still present within this machine. Hopefully you can help me, Jeff :P
 
Okay, the email problem I exaggerated; it's not 500 emails every 5 hours, it's around 100, but still, the more emails I receive from people, the more I'll have on the server, hence the more I will download. Let me show you an example screenshot.

I colour-coded this screenshot: the same colour = same email. Note this is just a small section of the emails I've received lol.

The screenshot is in the attached zip file.
 
Hi Cyxee,

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
OTL logfile created on: 7/11/2011 4:00:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.03% Memory free
11.98 Gb Paging File | 10.13 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 218.65 Gb Free Space | 29.03% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 1C 18 F6 F8 9B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/16 19:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 19:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/05 18:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/09/15 16:21:12 | 000,000,000 | ---D | M]

[2011/05/20 17:14:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/01/23 21:52:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/28 18:37:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/01 20:17:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/15 03:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 20:17:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 19:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/05 19:24:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 03:59:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/05 19:44:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 19:24:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/05 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\PAYDAY
[2011/11/05 18:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/11/05 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/11/05 18:29:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:45:26 | 003,191,696 | ---- | C] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/04 22:50:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/04 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/04 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/04 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/04 02:02:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 02:02:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 02:02:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 22:48:52 | 004,283,620 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/02 13:23:13 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/11/02 02:04:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/01 23:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 19:23:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 14:54:40 | 100,299,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 22:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/27 18:56:26 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\loloololol
[2011/10/27 00:47:41 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Battlefield 3
[2011/10/15 18:51:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/15 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/15 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/14 15:39:23 | 000,000,000 | -H-D | C] -- C:\Users\Steven\Documents\Orcs Must Die
[2011/10/14 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/10/14 15:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/10/14 03:39:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/14 03:39:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/14 03:39:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/14 03:39:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/14 03:39:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/14 03:39:02 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/14 03:39:02 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/14 03:39:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/14 03:39:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 18:52:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 18:52:04 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 18:52:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 18:52:04 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 18:51:00 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 18:51:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 07:56:18 | 010,207,232 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/13 07:20:20 | 024,629,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/13 07:14:36 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/13 07:10:28 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/13 07:10:18 | 000,487,936 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/13 07:09:44 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/13 07:08:34 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/13 07:08:16 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/13 07:08:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/13 07:07:58 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/13 07:07:54 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/13 07:07:48 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/13 07:07:44 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/13 07:04:14 | 018,630,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/13 06:46:20 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/13 06:46:18 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/13 06:46:10 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/13 06:46:08 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/13 06:45:58 | 009,877,504 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/13 06:44:44 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/13 06:44:20 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/13 06:44:10 | 004,023,296 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/13 06:42:56 | 008,391,680 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/13 06:38:20 | 005,431,808 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/13 06:31:34 | 000,479,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/13 06:31:22 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/13 06:31:06 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/13 06:30:58 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/13 06:30:50 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/13 06:30:42 | 000,317,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/13 06:29:34 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/13 06:28:30 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/10/12 16:16:22 | 016,787,456 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/12 16:14:54 | 000,051,200 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 04:03:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 04:03:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 03:59:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011/11/07 03:56:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 03:55:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 03:55:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/07 03:55:34 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 02:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 18:37:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/06 17:53:48 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/05 23:48:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/05 23:42:03 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/05 20:42:55 | 000,000,917 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/05 20:42:55 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/05 20:31:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 20:31:49 | 000,726,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/05 20:31:49 | 000,150,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 19:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/05 19:17:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/11/05 18:36:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/05 18:27:59 | 004,283,620 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2011/11/05 00:45:39 | 003,191,696 | ---- | M] (TeamViewer GmbH) -- C:\Users\Steven\Desktop\TeamViewer_Setup_en.exe
[2011/11/04 22:50:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steven\Desktop\esetsmartinstaller_enu.exe
[2011/11/04 07:02:34 | 036,234,186 | ---- | M] () -- C:\Users\Steven\Desktop\crack.rar
[2011/11/02 13:31:18 | 000,023,347 | ---- | M] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:56 | 001,545,436 | ---- | M] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | M] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 02:05:07 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Steven\Desktop\aswMBR.exe
[2011/11/02 00:38:31 | 000,000,719 | ---- | M] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | M] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:43:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\dds.com
[2011/11/01 20:17:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 20:17:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 20:17:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/01 17:05:50 | 000,894,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/01 15:52:31 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/01 15:30:25 | 000,000,440 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,304 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/01 15:28:20 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/01 14:55:51 | 100,299,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Steven\Desktop\11-10_vista64_win7_64_dd_ccc_ocl.exe
[2011/10/30 16:06:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/30 10:07:14 | 000,000,000 | -H-- | M] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/28 11:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2011/10/25 21:58:06 | 000,885,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/25 20:54:31 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/25 20:53:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/24 20:26:41 | 032,147,858 | ---- | M] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/10/21 17:29:13 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/17 22:38:30 | 000,000,129 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences2.dat
[2011/10/17 22:38:30 | 000,000,046 | -H-- | M] () -- C:\Users\Steven\jagex_runescape_preferences.dat
[2011/10/14 15:36:20 | 000,001,256 | ---- | M] () -- C:\Users\Steven\Desktop\Orcs Must Die!.lnk
[2011/10/14 14:35:23 | 000,304,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/13 07:20:20 | 024,629,760 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/13 07:15:20 | 000,198,664 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/13 07:14:36 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/13 07:14:26 | 000,736,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011/10/13 07:13:00 | 000,867,328 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011/10/13 07:10:28 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/13 07:10:18 | 000,487,936 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/13 07:09:44 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/13 07:08:34 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/13 07:08:16 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/13 07:08:10 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/13 07:07:58 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/13 07:07:54 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/13 07:07:48 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/13 07:07:44 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/13 07:04:42 | 004,231,680 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011/10/13 07:04:14 | 018,630,656 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/13 06:54:44 | 004,960,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011/10/13 06:46:20 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/13 06:46:18 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/13 06:46:10 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/13 06:46:08 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/13 06:45:58 | 009,877,504 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/13 06:44:44 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/13 06:44:28 | 004,289,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011/10/13 06:44:20 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/13 06:44:10 | 004,023,296 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/13 06:42:56 | 008,391,680 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/13 06:39:38 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/10/13 06:39:34 | 001,847,904 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/13 06:38:20 | 005,431,808 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/13 06:33:10 | 004,174,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011/10/13 06:32:14 | 001,849,344 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/13 06:31:34 | 000,479,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/13 06:31:22 | 000,335,872 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/13 06:31:06 | 000,017,408 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/13 06:31:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/13 06:30:58 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/13 06:30:50 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/13 06:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/13 06:29:50 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011/10/13 06:29:42 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011/10/13 06:29:34 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/13 06:29:26 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011/10/13 06:28:30 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/13 06:16:52 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/13 06:16:42 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/10/12 16:16:36 | 000,066,048 | ---- | M] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/10/12 16:16:22 | 016,787,456 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/12 16:14:54 | 000,051,200 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/05 21:06:37 | 036,234,186 | ---- | C] () -- C:\Users\Steven\Desktop\crack.rar
[2011/11/05 21:06:37 | 032,147,858 | ---- | C] () -- C:\Users\Steven\Desktop\SmartSteam_v1.4.1_Incl_Steam_20110909.rar
[2011/11/05 18:36:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Payday The Heist.lnk
[2011/11/04 02:02:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 02:02:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 02:02:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 02:02:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 02:02:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/02 13:31:18 | 000,023,347 | ---- | C] () -- C:\Users\Steven\Desktop\TDSSKlog.zip
[2011/11/02 13:22:48 | 001,545,436 | ---- | C] () -- C:\Users\Steven\Desktop\tdsskiller.zip
[2011/11/02 02:23:50 | 000,000,512 | ---- | C] () -- C:\Users\Steven\Desktop\MBR.dat
[2011/11/02 00:38:31 | 000,000,719 | ---- | C] () -- C:\Users\Steven\Desktop\GMER.zip
[2011/11/01 23:55:17 | 000,003,634 | ---- | C] () -- C:\Users\Steven\Desktop\Attach.zip
[2011/11/01 23:44:55 | 000,302,592 | ---- | C] () -- C:\Users\Steven\Desktop\gmer.exe
[2011/11/01 17:06:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/01 15:49:18 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/01 15:49:18 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/01 15:49:15 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/01 15:28:20 | 000,000,200 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/01 15:28:19 | 000,000,304 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/01 15:28:13 | 000,000,440 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 22:35:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/30 10:07:14 | 000,000,000 | -H-- | C] () -- C:\Users\Steven\AppData\Local\{F6638B61-B082-46A1-A304-82A142BD8139}
[2011/10/25 20:54:31 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/14 15:36:20 | 000,001,256 | ---- | C] () -- C:\Users\Steven\Desktop\Orcs Must Die!.lnk
[2011/10/13 07:15:20 | 000,198,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/13 06:39:34 | 001,847,904 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/13 06:32:14 | 001,849,344 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/12 16:16:36 | 000,066,048 | ---- | C] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/08/24 21:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/07/24 23:35:42 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/16 19:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 15:04:36 | 000,000,006 | -H-- | C] () -- C:\Users\Steven\AppData\Roaming\start
[2011/05/16 15:32:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/16 15:32:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/05 17:21:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 19:01:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/30 14:59:57 | 000,000,094 | -H-- | C] () -- C:\Users\Steven\AppData\Local\fusioncache.dat
[2010/09/30 11:47:38 | 000,894,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/08 01:49:25 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/07/27 19:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 19:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 19:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/19 23:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/04/26 14:21:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/26 00:09:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/25 18:04:09 | 000,007,602 | -H-- | C] () -- C:\Users\Steven\AppData\Local\resmon.resmoncfg
[2010/02/10 16:00:42 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/01 22:29:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/01 22:29:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/01/23 18:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/23 18:03:27 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/01/23 18:03:27 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/23 17:59:20 | 000,030,911 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/01/23 17:58:36 | 000,021,355 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 18:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/01/31 17:34:45 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\acccore
[2010/08/06 21:27:23 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\AnvSoft
[2010/08/08 15:22:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\App Launcher Gadget
[2010/09/08 23:29:57 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Auslogics
[2010/12/29 03:04:41 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Cool Record Edit Pro
[2011/11/05 18:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite
[2011/07/03 02:05:40 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Day 1 Studios
[2011/11/01 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Dev-Cpp
[2010/12/28 23:26:02 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Free Sound Recorder
[2011/11/01 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\FrostWire
[2011/11/01 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\GameHouse
[2011/02/09 16:19:16 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Huut
[2010/08/24 18:53:39 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\IObit
[2010/01/29 20:40:31 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Leadertech
[2011/06/05 20:16:42 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\LolClient
[2010/06/06 17:29:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Mount&Blade Warband
[2011/05/08 01:18:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/11/01 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Opera
[2011/05/20 17:37:58 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Oqteof
[2011/10/21 17:29:31 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Origin
[2011/05/29 19:02:40 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Poegg
[2010/07/05 15:34:44 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\runic games
[2010/04/17 21:27:24 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Subversion
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\SystemRequirementsLab
[2011/11/05 00:46:05 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TeamViewer
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Thunderbird
[2011/11/01 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TS3Client
[2011/11/07 02:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Tunngle
[2011/11/01 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Ubisoft
[2011/09/28 20:18:50 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Utherverse
[2011/11/07 03:12:59 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\uTorrent
[2011/02/09 15:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Steven\AppData\Roaming\Yrkyk
[2011/10/28 19:46:29 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A8E2C33

< End of report >
 
OTL Extras logfile created on: 7/11/2011 4:00:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steven\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.03% Memory free
11.98 Gb Paging File | 10.13 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 753.24 Gb Total Space | 218.65 Gb Free Space | 29.03% Space Free | Partition Type: NTFS

Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.WORD" = Microsoft Word 2010
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = The Witcher 2 Assassins of Kings version 1.0
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7D6283AC-26E6-5F9C-AB8F-08D8A3EFB819}" = Application Profiles
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Eurobattle.net1.24b" = Eurobattle.net
"Fallout New Vegas_is1" = Fallout New Vegas
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"FrostWire" = FrostWire 4.21.7
"GamersFirst LIVE!" = GamersFirst LIVE!
"hon" = Heroes of Newerth
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"OpenAL" = OpenAL
"Opera 11.52.1100" = Opera 11.52
"Origin" = Origin
"Payday The Heist (c) OVERKILL Software_is1" = Payday The Heist (c) OVERKILL Software version 1
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"StarCraft II" = StarCraft II
"Steam App 12840" = DiRT 2
"Steam App 17410" = Mirror's Edge
"Steam App 17740" = Empires
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6980" = Thief: Deadly Shadows
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2011 1:41:58 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34754777

Error - 4/11/2011 1:41:58 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34754777

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34755791

Error - 4/11/2011 1:41:59 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34755791

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34760783

Error - 4/11/2011 1:42:04 PM | Computer Name = Steven-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34760783

Error - 5/11/2011 5:42:51 AM | Computer Name = Steven-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 6/11/2011 8:08:06 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: steam.exe, version: 1.0.1065.11, time stamp:
0x4d9b89de Faulting module name: steamclient.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4e692a41 Exception code: 0xc0000005 Fault offset: 0x383170c8 Faulting process
id: 0x14e8 Faulting application start time: 0x01cc9c7981cff722 Faulting application
path: C:\Program Files (x86)\Steam\steam.exe Faulting module path: steamclient.dll
Report
Id: fb7dc906-086f-11e1-851d-e0cb4e321de0

[ System Events ]
Error - 5/11/2011 4:18:48 AM | Computer Name = Steven-PC | Source = Microsoft Antimalware | ID = 5101
Description =

Error - 5/11/2011 4:18:58 AM | Computer Name = Steven-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 5/11/2011 4:19:04 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/11/2011 4:38:59 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/11/2011 5:27:40 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 2:43:27 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 2:44:24 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 3:04:19 AM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 12:55:34 PM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/11/2011 12:56:32 PM | Computer Name = Steven-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >
 
Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\lol\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\lol\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\lol\steamapps\nigga21\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\lol\steamapps\nigga21\counter-strike source\cstrike\materials\concrete\prodwllecracked.vmt
c:\lol\steamapps\nigga21\garrysmod\garrysmod\addons\phx3\sound\phx\.svn\prop-base\eggcrack.wav.svn-base
c:\lol\steamapps\nigga21\garrysmod\garrysmod\addons\phx3\sound\phx\.svn\text-base\eggcrack.wav.svn-base
c:\lol\steamapps\sourcemods\empires\materials\common\models\props_system\resourcepoint_crackalpha.vtf
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vmt
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vtf
c:\lol\steamapps\sourcemods\empires\materials\common\overlays\cracked01_normal.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth1.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth2.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3.vtf
c:\lol\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3_normal.vtf
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\lol\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\program files\mount&blade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\gamersfirst\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files (x86)\steam\steamapps\nigga21\counter-strike source\cstrike\materials\concrete\prodwllecracked.vmt
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\models\props_system\resourcepoint_crackalpha.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vmt
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\common\overlays\cracked01_normal.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth1.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth2.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3.vtf
c:\program files (x86)\steam\steamapps\sourcemods\empires\materials\silk\arid_crackedearth3_normal.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\program files (x86)\stunlock studios\bloodline champions\content\particles\1x1\point_cracks.dds.xnb
c:\users\steven\desktop\crack.rar
c:\users\steven\downloads\auslogics boostspeed 5.0.2.200\crack instructions.txt
scanner sequence 3.ZZ.11.SUNALI
----- EOF -----
 
Hi Cyxee,

CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, does not support the use of illegal software except for its removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

I have worked up a fix for their removal. If you do not agree to this then this thread will be closed and no further help will be offered. Please let me know if you wish to continue.
 
Hi Cyxee,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
-----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 1C 18 F6 F8 9B CA 01 [binary data]
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Steven\Desktop\*.tmp files -> C:\Users\Steven\Desktop\*.tmp -> ]
    [2011/11/01 15:52:31 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/11/01 15:49:18 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/11/01 15:49:18 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/11/01 15:30:25 | 000,000,440 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/11/01 15:28:20 | 000,000,304 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/11/01 15:28:20 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2010/02/25 18:04:09 | 000,007,602 | -H-- | C] () -- C:\Users\Steven\AppData\Local\resmon.resmoncfg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\Windows\SysNative\SET847F.tmp deleted successfully.
C:\Windows\SysNative\SET857A.tmp deleted successfully.
C:\Windows\SysNative\SET95A6.tmp deleted successfully.
C:\Windows\SysNative\SET95D7.tmp deleted successfully.
C:\Windows\SysNative\SET9780.tmp deleted successfully.
C:\Windows\SysNative\SETA3DB.tmp deleted successfully.
C:\Windows\SysNative\SETA47B.tmp deleted successfully.
C:\Windows\SysWow64\SET98BA.tmp deleted successfully.
C:\Windows\SysWow64\SET9987.tmp deleted successfully.
C:\Windows\SysWow64\SETA1EF.tmp deleted successfully.
C:\Windows\SysWow64\SETA43B.tmp deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Steven\Desktop\~WRL0005.tmp deleted successfully.
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\Users\Steven\AppData\Local\resmon.resmoncfg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steven\Desktop\cmd.bat deleted successfully.
C:\Users\Steven\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steven
->Temp folder emptied: 61551063 bytes
->Temporary Internet Files folder emptied: 41549153 bytes
->Java cache emptied: 1915495 bytes
->FireFox cache emptied: 1139313 bytes
->Opera cache emptied: 335515428 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 725506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 389077173 bytes

Total Files Cleaned = 793.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11092011_022419

Files\Folders moved on Reboot...
C:\Users\Steven\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\afr[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\afr[2].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\login_status[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMCB36CX\sandbox[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWJ8K8MX\gossipcenter[1].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWJ8K8MX\redirect_v93_cim_11_15_6[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\01[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\afr[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\afr[2].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\gossipcenter[1].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\statstracker[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJ80C5\tweet_button[1].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\01[1].htm not found!
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\01[2].htm not found!
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\afr[1].htm moved successfully.
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\afr[2].htm moved successfully.
File\Folder C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1M2KVIF\like[1].htm not found!

Registry entries deleted on Reboot...
 
Hi Cyxee,

I see that you have Malwarebytes on your system. Please run Malwarebytes, update it and then run a Quick Scan. Save the log that is produced for your next reply.
---------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner.
 
ESET SCAN

C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f.vir a variant of Win32/Kryptik.USY trojan
C:\Qoobox\Quarantine\C\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd.vir Java/Agent.DW trojan
C:\Qoobox\Quarantine\C\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc.vir multiple threats
C:\Qoobox\Quarantine\C\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll.vir a variant of Win32/Packed.VMProtect.AAA trojan
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8129

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/11/2011 3:27:36 PM
mbam-log-2011-11-10 (15-27-36).txt

Scan type: Quick scan
Objects scanned: 190278
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi Cyxee,

P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
---------------

What remaining issues are you still having? :)
 
All the issues are still present. Can't I just simply delete or uninstall Internet Explorer? I mean, I just noticed there were 2 iexplorer.exe's running, with the total consumption of RAM between the two at 700,000k; they were each 400,000 to 300,000k. So yeah, can we just remove Internet Explorer?
 
Hi Cyxee,

Please visit the website here and go to the Microsoft Fix It button and press Run Now.

Once that completes reboot your system and let me know if the problem still persists.
 
All problems still present.

Problem recap;

Constant iexplorer.exe running, despite me terminating it, seconds later it returns.

Redirecting occasionally to random websites.

Email re-downloading old mail every time it checks for new mail. It's to the point of 100 old emails being received as 'new' each check, and these checks are approximately hourly, I believe.
 
Hi Cyxee,

Are you using a wireless router by chance? If so are there other computers using it that are having the same problem?
 