:OTL
O4 - HKU\S-1-5-21-375859105-3073260222-753941328-1001..\Run: [Adobe] C:\Users\Michael\AppData\Local\Ahead\Adobe\weiplhyp.dll (Microsoft® Corporation)
O4 - HKU\S-1-5-21-375859105-3073260222-753941328-1001..\Run: [Macrovision] C:\Users\Michael\AppData\Local\Macrovision\qwdxeftr.dll (Cyberlink)
O4 - HKU\S-1-5-21-375859105-3073260222-753941328-1001..\Run: [slauif] C:\Users\Michael\AppData\Local\Temp\slauif.dll (DT Soft Ltd)

O7 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1

[2011/12/30 08:57:29 | 000,009,196 | -HS- | C] () -- C:\Users\Michael\AppData\Local\4nib871auvkdccie4owlw317wm8k0
[2011/12/30 08:57:29 | 000,009,196 | -HS- | C] () -- C:\ProgramData\4nib871auvkdccie4owlw317wm8k0

[2011/08/28 17:25:50 | 000,000,120 | ---- | C] () -- C:\Users\Michael\AppData\Local\Esilucowoziqip.dat
[2011/08/28 17:25:50 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\Nwusev.bin

[2011/08/17 07:40:26 | 000,010,150 | -HS- | C] () -- C:\Users\Michael\AppData\Local\33i86405bjib25ot2p4dg33624h37qko7qjfyw1ifx74
[2011/08/17 07:40:26 | 000,001,546 | -HS- | C] () -- C:\ProgramData\33i86405bjib25ot2p4dg33624h37qko7qjfyw1ifx74
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\yric.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\ydhv.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\wplf.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\wkmy.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\rlih.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\kkpw.exe
[2011/08/17 07:40:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\hvtj.exe

[2012/04/30 09:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B3E000CE037006584C7B4EB2331

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]