system infected with security suite

Status
Not open for further replies.
Its still there ....

Hi,

I ran the bat file. but still the entries are not removed from the msconfig. There are no EXE files in the folder. But still msconfig shows those entries.:sad:
 
Boot to safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode



Go to Start > All Programs > Startup and delete anything starting with LVG...OHI. ok your way out....reboot, take another peak and see if there gone
 
No entries in Startup menu

Hi,

I booted in safe mode. There are no entries inside the Startup items so I couldnt delete anything from there.
 
disabled entries in registry

Hi,

I am attaching the exported registy entries containing the item that we are looking for. Has the removal tools missed this one or do we have some other tool to remove these entries?
 
Good Morning,

Nope, those did not show up on any of the scans, this junk is getting harder to remove all the time. I was about to ask you for that export but you beat me to it.

I need you to back up your registry one more time with ERUNT, make sure you do this before proceeding.


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}]

:Files
C:\Users\Home\AppData\Local\vpwkxpvvr
C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll
C:\Users\Home\AppData\Local\Temp\Bwh.exe
C:\Users\Home\AppData\Roaming\Soaxl
C:\Users\Home\AppData\Local\Temp\ewmxnrosca.exe



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


Then reboot your system and post a new start up reg import like you did, or you can plug this into SystemLook

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
OTL Run fix log

OTL logfile created on: 11/8/2010 9:06:24 PM - Run 8
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 175.82 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/31 18:27:59 | 000,000,000 | ---D | M]

[2010/10/19 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2010/11/07 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions
[2010/10/22 06:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 20:23:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 21:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 21:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 21:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 21:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/01 22:29:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 13:25:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\tdsskiller
[2010/11/01 23:17:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/01 23:12:46 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/11/01 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/11/01 23:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/11/01 23:10:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/01 23:10:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/01 23:10:27 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/01 23:10:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/01 23:08:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Live
[2010/11/01 23:07:40 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/11/01 23:07:40 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2010/11/01 22:24:23 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\erunt
[2010/10/31 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\London Trip
[2010/10/28 21:03:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/28 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Uk Expenses
[2010/10/28 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Java runtime error logs
[2010/10/27 19:13:33 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/10/26 19:15:21 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 19:15:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 19:15:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 19:15:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/10/20 02:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/10/20 02:03:41 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2010/10/20 02:03:41 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2010/10/20 02:03:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2010/10/20 02:03:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/20 02:03:39 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/10/20 02:03:39 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/10/20 02:03:39 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/10/20 02:03:39 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/10/20 02:03:39 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/10/20 02:03:39 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2010/10/20 02:03:39 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2010/10/20 02:03:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2010/10/20 02:03:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2010/10/20 02:03:39 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/10/20 02:03:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2010/10/20 02:03:38 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/10/20 02:03:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2010/10/20 02:03:38 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2010/10/20 02:03:38 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2010/10/20 02:03:38 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2010/10/20 02:03:38 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2010/10/20 02:03:38 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2010/10/20 02:03:38 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2010/10/20 02:03:38 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2010/10/20 02:03:38 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2010/10/20 02:03:38 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2010/10/20 02:03:37 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2010/10/20 02:03:37 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/10/20 02:03:37 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2010/10/20 02:03:37 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2010/10/20 02:03:37 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/10/20 02:03:37 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2010/10/20 02:03:37 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2010/10/20 02:03:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010/10/20 02:03:37 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010/10/20 02:02:48 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2010/10/20 02:02:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2010/10/20 02:02:47 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2010/10/20 02:02:36 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2010/10/20 02:02:36 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2010/10/20 02:02:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2010/10/20 02:02:36 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2010/10/20 02:02:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2010/10/20 02:02:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2010/10/20 02:02:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2010/10/20 02:02:35 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2010/10/20 02:02:35 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2010/10/20 02:02:35 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2010/10/20 02:02:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2010/10/20 02:02:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2010/10/20 02:00:30 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Mozilla
[2010/10/19 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/14 23:42:08 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2010/10/14 23:42:08 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2010/10/14 23:42:07 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010/10/14 23:42:07 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2010/10/14 22:14:33 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:14:33 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 22:13:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 22:13:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 22:13:33 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 22:13:30 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 22:13:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 22:13:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 22:13:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 22:13:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 22:13:14 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 22:13:14 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 22:12:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 22:12:58 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 22:12:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 22:12:58 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 22:12:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 22:12:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 22:12:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 22:12:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 22:12:57 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/14 22:12:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/14 22:12:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 22:12:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/14 22:12:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 22:12:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/14 22:12:57 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/14 22:12:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 22:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 22:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/14 22:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 22:12:56 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/14 22:12:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/14 22:12:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/14 22:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/14 22:12:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/14 22:12:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/14 22:12:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/14 22:12:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 22:12:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 22:12:38 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 22:12:34 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 22:12:31 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 22:12:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/10/10 22:57:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/10/10 15:55:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

========== Files - Modified Within 30 Days ==========

[2010/11/08 21:08:20 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/08 21:08:20 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/08 21:08:20 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/08 21:05:42 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/11/08 21:05:42 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/11/08 21:01:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 21:01:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 21:01:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 21:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 21:00:50 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 20:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/07 19:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/11/07 19:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/11/07 02:36:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
[2010/11/06 15:53:37 | 000,000,040 | ---- | M] () -- C:\Users\Home\Desktop\temp.bat
[2010/11/06 11:35:17 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/11/06 11:35:17 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/04 21:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/11/02 13:24:55 | 001,207,026 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2010/11/02 13:06:25 | 000,385,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/28 23:34:57 | 000,075,264 | ---- | M] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:39:13 | 000,004,608 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 21:34:18 | 000,183,641 | ---- | M] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/28 20:57:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/20 02:20:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/14 22:34:33 | 000,446,499 | ---- | M] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf

========== Files Created - No Company Name ==========

[2010/11/07 01:13:31 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 15:53:37 | 000,000,040 | ---- | C] () -- C:\Users\Home\Desktop\temp.bat
[2010/11/02 13:25:05 | 001,207,026 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2010/10/28 23:35:14 | 000,075,264 | ---- | C] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:34:18 | 000,183,641 | ---- | C] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/23 20:41:43 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 02:20:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/14 22:34:33 | 000,446,499 | ---- | C] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf
[2010/01/10 13:49:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/10 13:45:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/31 18:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 16:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 16:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 16:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 16:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 16:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 16:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 16:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 16:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 16:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 16:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 16:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 16:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 16:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 16:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 16:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 16:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 16:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 16:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 16:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 16:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 16:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 16:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 16:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 16:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 15:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 15:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 15:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 15:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 15:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 15:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 15:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 15:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 15:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 15:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 15:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 17:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 07:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 07:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 07:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 07:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 07:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/03 19:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 01:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

< End of report >
 
OTl Runfix log

Hi
Sorry, the previous post was the OTL log after runing the RUN FIX.

The below post is the RUN FIX log: It seems that OTL is not able to find the entries. It says they are not found. But the entries are still there!!!:confused:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890DE1E0-19A6-7968-FF53-7863AEE79968}\ not found.
========== FILES ==========
File\Folder C:\Users\Home\AppData\Local\vpwkxpvvr not found.
File\Folder C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll not found.
File\Folder C:\Users\Home\AppData\Local\Temp\Bwh.exe not found.
File\Folder C:\Users\Home\AppData\Roaming\Soaxl not found.
File\Folder C:\Users\Home\AppData\Local\Temp\ewmxnrosca.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 37106 bytes
->Temporary Internet Files folder emptied: 316981 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44691760 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3652 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11082010_205923

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
reg export

The entries are still there.
System Lookup seems to search the entries in the WOW6432Node and hence it doenst produce the registry export as we thought. So I am manually exporting as I did in the earlier post.

Note: I didnt tick the Purity and LOP checkboxes in any of the OTL scans/fixes I did in this last post. I thought the code which I copied and pasted had the option to enable/disable them. So I left them unticked and just copy-pasted the code which you gave into the box. Is that causing the problem? Should I tick the LOP and purity while running the Run Fix in OTL.
 
Hi,

Got it thank you. I am going to have someone else look at this because this appears to be a simple fix and not sure why there not being removed
 
Have you rebooted your computer after the fix and prior to posting ?

Its showing in the fix that the reg entries and files are not found

Take a peek and see if these are present
C:\Users\Home\AppData\Local\vpwkxpvvr
C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll
C:\Users\Home\AppData\Local\Temp\Bwh.exe

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
 
Last edited:
No temp files

Hi ,

Yes, the system rebooted itself when the Run fix was completed. so the OTL log was after the system reboot. I again restarted it manually and then exported the regitry entries.

I couldnt find any of that those files in the folders. There were no such files in the temp directory. I ran the TFC and rebooted the system.

The registry entries are still there....I want to keep you informed that I dont face any other open issues in my system. Other than these entries there are nothing unusual. So are we ok if we remove this thing somehow?

Will they be left out in anyother such places in the system??:fear:
 
Dont know why there showing in the reg import as OTL is showing that there not found.

Looking into another method.
 
We may be looking in the wrong place since this is 64bit

Open OTL,
Mark all the modules to NONE

Then copy and paste this into Custom Scans/Fixes

msconfig

Then click the Run Fix Button.

Post the results please
 
no entries

Hi,

I just pasted the line 'msconfig' in the custom scan box and ran Run fx. I got the following log immediately.


-----------------------------------------------------------------------------
Error: Unable to interpret <msconfig> in the current context!

OTL by OldTimer - Version 3.2.17.1 log created on 11102010_202548
 
Lets try this in Safemode, make sure you run ERUNT once again to back up the current registry settings

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890DE1E0-19A6-7968-FF53-7863AEE79968}]
Click to expand...

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg
 
Run the above fix that I posted, reboot and then run OTL this way. Sorry for the confusion but things are a bit different with 64Bit and some tools act differently.

Open OTL, check each and every radio button to NONE. Then copy and paste msconfig into the Custom Scans/ Fixes box but this time click on Run Scan...Not Run Fix and post the log.
 
Status
Not open for further replies.
Back
Top