system infected with security suite

Status
Not open for further replies.
OTL Log - System Current Status

Hi,
Every time I boot my system , a program called Registry Reviver runs automatically. It used to scan automatically and say that some files are infected. Last time I ran MBAM and removed some infected files. But Still this Registry Reviver runs when the desktop is loaded but it says that 'no scan is being done'. I feel that the actual infected file that was running behind the scene has been removed by MBAM but the triggering program is still not removed. Apologies if I am putting in a lot of information and if I am diverting you. But I felt it would be better to keep you informed.
 
Otl log

I have given a short description of my system in the previous post. OTL log below.

Thanks.
--------------------------------------------------------
OTL LOG
--------------------------------------------------------
OTL logfile created on: 10/1/2010 1:34:41 AM - Run 3
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 164.60 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 17:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2010/09/26 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/09/26 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/26 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh_Web_Player
[2010/09/23 19:09:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
[2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
[2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
[2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
[2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
[2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
[2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
[2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents

========== Files - Modified Within 90 Days ==========

[2010/10/01 01:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/10/01 01:35:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/10/01 01:35:24 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/01 01:35:07 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/10/01 01:33:04 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/01 01:33:04 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 01:33:04 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/10/01 01:29:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 01:27:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 01:27:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 01:27:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 01:27:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/01 01:27:09 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 19:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/30 19:08:40 | 001,883,552 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/09/30 03:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 00:23:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/26 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/09/24 20:26:13 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/24 20:26:13 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
[2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job

========== Files Created - No Company Name ==========

[2010/09/26 17:26:59 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/20 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/26 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/09/26 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Qyugs
[2010/03/30 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Soaxl
[2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver64-Home-Startup.job
[2010/09/30 19:08:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/01 01:35:24 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/01 01:35:24 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
[2010/10/01 01:27:09 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/01 01:27:07 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/01 01:35:07 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
OK, let's try again:

Remove Programs
Click Start > Control Panel > Programs and Features
Remove these programs by clicking Uninstall

Uniblue RegistryBooster 2010

If some programs listed are not present, please do not panic

Run Fix With OTL
Highlight the following in the code box and press Ctrl+C on the keyboard
Make sure you include the first colon (:)
Code: 
:Otl
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/09/26 17:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2010/09/26 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/09/26 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/26 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh_Web_Player
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/09/26 17:26:59 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/09/26 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/09/26 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Qyugs
[2010/03/30 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Soaxl
:Commands
[Purity]
[EmptyTemp]
[Reboot]

Right-click on the OTL.exe file, choose Run as Administrator to start OTL. OK any warning about running OTL.
Click in the Custom Scans/Fixes box at the bottom of the OTL window
Press Ctrl+V to paste the above code in the box (check that the code appears)
Click the Run Fix button
Please post the resulting log and close OTL.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
NOTE: Ensure you update both the 64-bit & 32-bit versions of Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
OTL Fix log
Kaspersky Online Scan log
Update on how the computer is running
 
should I uninstall veoh player?

Hi,
I am performing the steps you have asked me to do. I have uninstalled the UnUniblue RegistryBooster 2010. This was the only program that you have asked me to remove. In the custom scan code for OTL you have included some line which relate to Veohplayer. I saw that veoh web player, veoh video compass and veoh web player toolbar are installed in my system. It is listed in the Programs and Features in Control Panel. Should I unistall them ? I can unistall them if you want me to do so. Please confirm.

I will wait for your reply. Once I get a reply from you I will proceed with the rest of the steps(OTL fix,Updates,Kaspersky scan...).
 
Hi

I saw that veoh web player, veoh video compass and veoh web player toolbar are installed in my system. It is listed in the Programs and Features in Control Panel. Should I unistall them ?
Click to expand...
Yes..... I would uninstall them. It appears as if they may have been bundled with the Reviversoft junk.
 
java icon not in control panel

Hi ,

I have uninstalled the veoh player. also there was an entry for reviver in control panel. I have uninstalled that alos. I have run fix in OTL and the post is below.
The java update website link provied in your post contains only Update 21 and there is no Update 22. Also the orange color link is not available. I dont consider that as a big issue as the website should have changed as a result of ORACLE-SUN merger. I have installed JRE 6 Update 21. But I am not able to see any java (cup) icon in my control panel. I can see that icon in my friends lapotop but not in mine. Should I install something else along with the jre?
The file I used for Installation is - jre-6u21-windows-i586.exe. Please advise if it is ok to porceed with the Kaspersky online scan. I have not yet performed the clear cache in the java installation (
'Note: This deletes ALL the Downloaded Applications and Applets from the \CACHE ')

Is it ok to proceed with the kaspersky online scan without that claering cache stuff of java? Please advice.

OTL run fix log below:
-------------------------------
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD90BF73-20F6-44EF-993D-BB920303BD2E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Folder C:\Program Files\ReviverSoft\ not found.
Folder C:\ProgramData\ReviverSoft\ not found.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
Folder C:\Program Files (x86)\Veoh_Web_Player\ not found.
Folder C:\Program Files (x86)\Uniblue\ not found.
C:\Users\Home\AppData\Local\OpenCandy folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\OpenCandy_BCBC9F43C5654F1CB2156983CD6BAA1F folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\OpenCandy_0B0896EE98C94F209313EEF61862EAD4 folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\BCBC9F43C5654F1CB2156983CD6BAA1F folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer folder moved successfully.
C:\Program Files (x86)\Veoh Networks folder moved successfully.
C:\Windows\Tasks\Registry Reviver64-Home-Startup.job moved successfully.
File C:\Users\Public\Desktop\Registry Reviver.lnk not found.
C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk not found.
File C:\Users\Public\Desktop\RegistryBooster.lnk not found.
File C:\Windows\tasks\Registry Reviver64-Home-Startup.job not found.
File C:\Users\Public\Desktop\Registry Reviver.lnk not found.
File C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk not found.
File C:\Users\Public\Desktop\RegistryBooster.lnk not found.
Folder C:\Users\Home\AppData\Roaming\OpenCandy\ not found.
C:\Users\Home\AppData\Roaming\Qyugs folder moved successfully.
C:\Users\Home\AppData\Roaming\Soaxl folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 12384428 bytes
->Temporary Internet Files folder emptied: 219988345 bytes
->Java cache emptied: 14751 bytes
->Google Chrome cache emptied: 110867424 bytes
->Flash cache emptied: 8541 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1601266 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 329.00 mb


OTL by OldTimer - Version 3.2.14.0 log created on 10022010_003038

Files\Folders moved on Reboot...
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEA91.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEA96.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEADC.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEAE1.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEB03.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEB08.tmp not found!
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NV8HXCXQ\showthread[1].htm moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9CPD6Y\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5E1710X\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP7ZNS2A\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LXFTAGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Hmmm.... That was really strange with the Java update. I always check my links before posting & when i checked the link for the Java update it clearly showed Update 22.... But now it's back to 21. So my apologies for that.

Anyway... Yes, OK to proceed with the Kaspersky scan.
 
kaspersky scan result - 1 infected file

I have completed the kaspersky scan. I also removed the cache in java control panel. The kaspersky result showed that there was one infection. It didnt ask me to remove or heal the file. I havent taken any action against that file.

My system appears to be normal (though the infected file seems to be there!!! May be its hiding and waiting for a good time to come out :) )


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 05:10:15
Records in database: 4280953
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 179706
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:23:41


File name / Threat / Threats count
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll Infected: Trojan.Win32.Swizzor.xgb 1

Selected area has been scanned.
 
Hell Karman,

Sorry for the delay. jmw3 was called away unexpectedly. My name is Ken and I will be taking over for him.


  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the
    OTMdesktopicon.png
    icon on your desktop.
  3. Paste the following code under the
    pasteline.png
    area.
    Do not include the word "Code".

    Code: 
    :Processes
explorer.exe

:Services

:Reg

:Files
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  4. Push the large
    btnmoveit.png
    button.
  5. OTM may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the
    results.png
    line here in your next reply.
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Rerun OTL ( no need for the extra script) and post a new log please
 
OTM and OTL logs

Hi Ken,
convey my thanks to jmw3 please. He was very helpful answering all my doubts and in cleaning the system.

I have posted the OTM and OTL logs below.
------------------
OTM
------------------
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
LoadLibrary failed for C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 110769480 bytes
->Temporary Internet Files folder emptied: 27638980 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 50920577 bytes
->Flash cache emptied: 1651 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 181.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 10072010_195106

Files moved on Reboot...
File C:\Users\Home\AppData\Local\Temp\~DF73A7.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF73AC.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF740A.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF740F.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF7432.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF7437.tmp not found!
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V0FD9NPJ\showthread[2].htm moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9CPD6Y\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5E1710X\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP7ZNS2A\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LXFTAGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


-------------------------------------------
OTL LOG
-------------------------------------------

OTL logfile created on: 10/7/2010 7:59:56 PM - Run 4
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 163.34 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/07 19:51:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/07 19:49:25 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTM.exe
[2010/10/02 23:14:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/02 16:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/02 16:31:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 16:31:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 16:31:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/02 16:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/02 00:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/02 00:51:24 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/23 19:09:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/16 01:02:24 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD

========== Files - Modified Within 30 Days ==========

[2010/10/07 20:00:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/10/07 20:00:14 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/07 19:59:30 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/10/07 19:56:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 19:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 19:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 19:56:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/07 19:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/07 19:56:03 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 19:55:05 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 19:55:05 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/07 19:55:03 | 002,567,721 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/10/07 19:53:36 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/07 19:53:36 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/07 19:53:36 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/07 19:49:31 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTM.exe
[2010/10/07 00:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 20:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/10/03 22:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/10/03 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/10/02 16:30:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 16:30:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 16:30:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/02 16:30:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/24 20:26:13 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/24 20:26:13 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls

========== Files Created - No Company Name ==========

[2010/09/30 00:33:31 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
 
Hi,

jmw3, he will be offline for a week or so but will let him know you said thanks.

You have some strange entries on your log, one that was not removed with OTL, not sure what thats all about, I need to look into it and will be back soon
 
Still waiting for reply.

Hi,

I know you are busy helping all here. I am replying just to say that I am waiting for your advise and I am not yet completely cured. I thought you may feel my system was alrigt if I didnt reply to this thread. I will wait till you give any further advice. Please dont consider this message as a chaser. Thanks.
 
Hi,

My bad :red:, lost your link to this thread. Lets do this


Download OTS.exe by OldTimer to your Desktop.
  1. Close any open browsers.
  2. Double-click on OTS.exe to start the program.
  3. Leave all settings as they appear as default, except for the following:
    • Under Drivers, select "All".
    • Under Additional Scans, click on the "Extra" button.
  4. Now click the Run Scan button on the toolbar.
  5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  6. When the scan is complete Notepad will open with the report file loaded in it.
  7. Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, Attach the file ).
 
HI,


Start OTS.

Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ ->
YN -> /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ->
YN -> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm ->
YN -> AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ ->
YN -> MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm ->
YN -> ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ ->
YN -> mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm ->
YN -> zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ ->
YN -> /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ ->
YN -> AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA ->
YN -> M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ ->
YN -> ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A ->
YN -> mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z ->
YN -> zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA ->
YN -> AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/ ->
YN -> A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK ->
YN -> lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw ->
YN -> L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc ->
YN -> ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1 ->
YN -> wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8 ->
YN -> B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx ->
YN -> iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj ->
YN -> hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD ->
YN -> of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N ->
YN -> 4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk ->
YN -> Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1 ->
YN -> CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM ->
YN -> jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v ->
YN -> bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF ->
YN -> 2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24 ->
YN -> qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT ->
YN -> X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T ->
YN -> /yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI ->
YN -> N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw ->
YN -> 9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J ->
YN -> Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG ->
YN -> N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa ->
YN -> 4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV ->
YN -> Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/ ->
YN -> h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY ->
YN -> BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/ ->
YN -> NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU ->
YN -> r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4 ->
YN -> 4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV ->
YN -> ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR ->
YN -> NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi ->
YN -> Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4 ->
YN -> LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF ->
YN -> w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m ->
YN -> NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u ->
YN -> UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk ->
YN -> MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO ->
YN -> r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU ->
YN -> I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr ->
YN -> 8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A ->
YN -> sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge ->
YN -> OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==" -> C:\Users\Home\AppData\Local\Temp\login.exe [C:\Users\Home\AppData\Local\Temp\login.exe]
YN -> "Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ ->
YN -> /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ->
YN -> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm ->
YN -> AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ ->
YN -> MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm ->
YN -> ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ ->
YN -> mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm ->
YN -> zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ ->
YN -> /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ ->
YN -> AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA ->
YN -> M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ ->
YN -> ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A ->
YN -> mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z ->
YN -> zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA ->
YN -> AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT ->
YN -> MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO ->
YN -> CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0 ->
YN -> JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX ->
YN -> vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep ->
YN -> TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC ->
YN -> AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ ->
YN -> 6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna ->
YN -> j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw ->
YN -> Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ ->
YN -> 5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc ->
YN -> FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh ->
YN -> KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM ->
YN -> cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk ->
YN -> zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB ->
YN -> 0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI ->
YN -> MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj ->
YN -> nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU ->
YN -> /4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM ->
YN -> JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk ->
YN -> EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o ->
YN -> x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd ->
YN -> vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla ->
YN -> AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M ->
YN -> ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy ->
YN -> lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR ->
YN -> dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/ ->
YN -> IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w ->
YN -> p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1 ->
YN -> he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi ->
YN -> iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ ->
YN -> p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG ->
YN -> Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H ->
YN -> VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV ->
YN -> ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM ->
YN -> lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87 ->
YN -> DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt ->
YN -> mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6 ->
YN -> HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3 ->
YN -> winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq ->
YN -> znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j ->
YN -> Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA ->
YY -> Ow==" -> C:\Users\Home\AppData\Local\Temp\win.exe [C:\Users\Home\AppData\Local\Temp\win.exe]
[Purity]
[Empty Temp Folders]
[Start Explorer]
Click to expand...



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.
 
OTS Run FIx Log

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==" not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ow==" not found.
File C:\Users\Home\AppData\Local\Temp\win.exe not found.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 9733146 bytes
->Temporary Internet Files folder emptied: 192697400 bytes
->Java cache emptied: 32618 bytes
->FireFox cache emptied: 43313694 bytes
->Google Chrome cache emptied: 10541780 bytes
->Flash cache emptied: 17193 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5975034 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3887650 bytes

Total Files Cleaned = 254.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.40.0 fix logfile created on 10272010_201333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTS Log

Hi
I have attached the OTS log after running the OTS fix. The fix results are posted in the above post.
 
All that garbage is still there, not sure what it is, never saw entries like that before. Let me check further, be back soon, don't worry I am linked this time so I wont lose you
 
Lets try a different approach, run OTL and post a new log.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
 
Those lines of gibberish are not be recognized by the tools properly that we are using , hard to explain, but we have the author going to look them over , you posted a new OTS log , just need a new OTL so we can compare and he can see whats going on.
 
Status
Not open for further replies.
Back
Top