Google Redirect Virus and msiexec.exe problem



#1
Tylerkrebsbach123

Hello! I'm new to this forum and created this account to ask for some help regarding two problems...

First, I've noticed two other topics regarding the Google Redirect Virus, and I'm fairly certain my computer has this also. I'm using Mozilla Firefox, and every time I type in a search request the links lead to ad sites, the yellow pages, and other sites of that kind. I can only find other sites by typing the URL in directly. I downloaded OTL and will post the log at the end of this if it's any help. (I've tried a scan with Webroot and nothing has come up.)

Second, I keep receiving pop-ups from "msiexec.exe" which, whenever I pull them up onto the screen, will not allow me to cancel them, and freeze up the computer. At the moment three have appeared since I've booted the computer up, but I've avoided clicking on them so far. I'm not sure if the problems are connected or what, but I would very much appreciate any help available; I have very little computer knowledge.

OTL logfile created on: 6/24/2011 2:22:31 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Cicely\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 67.21% Memory free
7.60 Gb Paging File | 5.96 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 1.25 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 293.25 Gb Free Space | 83.63% Space Free | Partition Type: NTFS

Computer Name: CICELY-PC | User Name: Cicely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/23 22:12:51 | 000,565,248 | ---- | M] () -- C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe
PRC - [2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
PRC - [2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
PRC - [2011/06/22 12:14:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Windows\SysWOW64\UserAccountControlSettings32.exe
PRC - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
PRC - [2011/05/16 16:50:06 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/04/24 00:30:44 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 04:02:40 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/12/14 03:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/12/04 03:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/20 16:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/11 00:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/06 21:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/16 07:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\UserAccountControlSettings32.exe -- (wscsvc32)
SRV - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 18:05:08 | 000,137,760 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/04/18 18:05:06 | 000,058,480 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/28 19:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 23:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 09:15:14 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 16:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 05:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/11/19 23:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/22 19:44:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 97 83 03 4E 5D 8A 4F 94 E5 E6 BC 7A 20 2A CE [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 12:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/22 12:14:40 | 000,000,000 | ---D | M]

[2011/01/17 02:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Extensions
[2011/06/23 21:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions
[2011/06/20 22:33:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}
[2011/04/22 15:52:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/26 01:59:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]
[2011/05/31 15:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/31 15:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/23 03:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/23 03:41:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/21 00:46:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {03839793-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {05CA11F1-CA16-2364-3347-AD4AF88D65C9} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {08B2A21C-6624-2E11-2837-42E757D81498} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (no name) - {0E0E5E4F-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {10487C95-D323-2177-516A-8F7E8911F290} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {1CE549D5-9584-D533-AD5C-573F30CE4FAB} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {257AABF5-070E-09AA-45F7-63822B8FFAE5} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {297EE0E5-8206-20C1-226B-9248139944BC} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {310D8618-7806-AA44-8775-0A637E67F1B4} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {66481EA3-B7EA-4173-83AA-A0F01553C560} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {795026D0-63A3-EFDD-2954-B88FF5358FE3} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {7BF4D4B3-BBDF-EE3C-E7C2-11F48AF46092} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (206da9d8) - {B5B7DE37-344E-7B1F-40D3-2115D438D97D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {BBF47915-2330-0649-AFC4-499E6183CE03} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {C18F67D7-699B-15DD-257F-C42BC0578455} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (206da9d8) - {E5325D24-8926-9D5C-9E7D-A883CE87F97F} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {E9EE9097-7BEB-33B5-643E-1A3603AB38F0} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [1344207245] C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell - "" = AutoRun
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 02:20:02 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/24 02:19:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\Desktop\Remember to uninstall
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/22 20:54:11 | 000,545,280 | ---- | C] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/21 01:21:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/06/21 01:21:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/21 01:13:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/06/21 01:13:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/06/21 01:13:34 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/06/21 01:07:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 00:54:36 | 004,131,325 | R--- | C] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{FCCFDB30-E236-480E-A14D-44C9D99870B2}
[2011/06/20 02:09:34 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{86EA107E-2A47-4700-A35F-A9C7E0B8F2E8}
[2011/06/20 02:00:24 | 000,350,208 | ---- | C] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/18 11:55:57 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{CE13BF6D-FCD4-4553-9EFC-03A6BDC53D5A}
[2011/06/13 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/06/13 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{919497B1-0000-459F-8A87-8667DA99DA89}
[2011/06/12 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{AEA45712-A31F-4653-A632-642A69DA4E03}
[2011/06/11 01:11:11 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{4353B720-53CF-465F-8FC3-EB3FE29F3B39}
[2011/06/07 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{800B6571-F64B-4830-BB21-4339F6B975C9}
[2011/06/05 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{68D44D3D-EF19-4485-80EA-5DBBEF4C8C0E}
[2011/06/04 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8CB908EC-524B-403D-BF31-07E78A725FF1}
[2011/06/04 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{36FC81DE-1B97-4FB3-92A7-6F62CF01B717}
[2011/06/02 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{3EF2A443-FE1E-4C90-A9C7-B9F07FC88703}
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\skypePM
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/31 15:02:12 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Skype
[2011/05/31 14:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/31 14:59:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/31 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/31 14:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/28 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8B23A3C4-FB84-482B-A601-C4BBFC2A3F00}
[2011/05/25 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{BE4DE228-E689-4744-92F5-88150A3E9014}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/24 01:52:49 | 000,000,043 | ---- | M] () -- C:\ProgramData\9efe8a
[2011/06/24 01:25:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/22 19:42:44 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:42:44 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:34:49 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/21 00:54:45 | 004,131,325 | R--- | M] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 03:14:51 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/20 03:14:51 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/20 03:14:51 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/20 02:00:28 | 000,000,105 | ---- | M] () -- C:\windows\SysWow64\716238586
[2011/06/20 02:00:27 | 000,184,320 | ---- | M] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:24 | 000,350,208 | ---- | M] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/18 11:54:32 | 004,988,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/13 17:12:13 | 000,001,229 | ---- | M] () -- C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/13 17:12:13 | 000,001,205 | ---- | M] () -- C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk
[2011/05/31 15:07:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 12:49:49 | 000,561,664 | ---- | C] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/21 01:18:11 | 000,000,043 | ---- | C] () -- C:\ProgramData\9efe8a
[2011/06/21 01:13:42 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/06/21 01:13:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/06/21 01:13:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/06/21 01:13:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/06/21 01:13:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/06/20 02:00:28 | 000,783,360 | ---- | C] () -- C:\ProgramData\iprtprio32.exe
[2011/06/20 02:00:27 | 000,184,320 | ---- | C] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:26 | 000,783,360 | ---- | C] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe
[2011/06/20 02:00:26 | 000,000,105 | ---- | C] () -- C:\windows\SysWow64\716238586
[2011/06/19 02:07:49 | 000,783,360 | ---- | C] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:47 | 000,783,360 | ---- | C] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/13 17:12:13 | 000,001,229 | ---- | C] () -- C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/13 17:12:13 | 000,001,205 | ---- | C] () -- C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk
[2011/05/31 15:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/17 19:54:07 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/08/25 23:34:30 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/08/25 23:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 23:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/01/23 00:11:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/01/23 00:11:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/01/22 07:34:04 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/01/22 06:45:23 | 000,000,800 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/10/08 06:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

========== LOP Check ==========

[2011/01/17 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\AVCWare
[2011/05/20 20:20:27 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/04/22 15:50:55 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\DVDVideoSoft
[2011/01/29 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/15 01:28:28 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\FrostWire
[2011/06/13 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\OpenCandy
[2011/05/24 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/24 02:26:05 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\uTorrent
[2011/05/22 11:48:15 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************


:OTL
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
[2011/06/20 22:33:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}
[2011/02/26 01:59:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]
[2011/01/23 03:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (no name) - {03839793-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {05CA11F1-CA16-2364-3347-AD4AF88D65C9} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {08B2A21C-6624-2E11-2837-42E757D81498} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (no name) - {0E0E5E4F-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {10487C95-D323-2177-516A-8F7E8911F290} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {1CE549D5-9584-D533-AD5C-573F30CE4FAB} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {257AABF5-070E-09AA-45F7-63822B8FFAE5} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {297EE0E5-8206-20C1-226B-9248139944BC} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {310D8618-7806-AA44-8775-0A637E67F1B4} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {66481EA3-B7EA-4173-83AA-A0F01553C560} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {795026D0-63A3-EFDD-2954-B88FF5358FE3} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {7BF4D4B3-BBDF-EE3C-E7C2-11F48AF46092} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {B5B7DE37-344E-7B1F-40D3-2115D438D97D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {BBF47915-2330-0649-AFC4-499E6183CE03} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {C18F67D7-699B-15DD-257F-C42BC0578455} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (206da9d8) - {E5325D24-8926-9D5C-9E7D-A883CE87F97F} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {E9EE9097-7BEB-33B5-643E-1A3603AB38F0} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\Run: [1344207245] C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
[2011/06/24 01:52:49 | 000,000,043 | ---- | M] () -- C:\ProgramData\9efe8a
[2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/20 02:00:28 | 000,000,105 | ---- | M] () -- C:\windows\SysWow64\716238586
[2011/06/20 02:00:27 | 000,184,320 | ---- | M] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:24 | 000,350,208 | ---- | M] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/13 17:12:13 | 000,001,229 | ---- | M] () -- C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/13 17:12:13 | 000,001,205 | ---- | M] () -- C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.



Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it from the download page :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (note if the Fix button is enabled (NOT THE FIXMBR BUTTON!) and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron
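
One way to triage the file-listing lines of an OTL log like the one in this thread, as an added example that is not part of either post and not OTL's own logic. The three heuristics, the `SYSTEM_NAMES` set and the assumption that Windows is installed on C: are illustrative choices for this sketch.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any platform

# File-listing lines copied from the OTL log in the first post of this thread.
SAMPLE_LOG = r"""
[2011/06/21 01:07:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/20 03:14:51 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/20 02:00:27 | 000,184,320 | ---- | M] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:24 | 000,350,208 | ---- | M] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/18 11:54:32 | 004,988,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

PE_EXT = (".exe", ".dll")
WINDIR = "c:\\windows\\"             # assumption: Windows is installed on C:
SYSTEM_NAMES = {"msiexec.exe"}       # assumption: sample set of names that belong under %windir%
RANDOM_NAME_RE = re.compile(r"^0\.\d{10,}\.exe$", re.I)  # e.g. 0.7131146526782262.exe


def parse_line(line):
    """Return one file-listing entry as a dict, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def triage(log_text):
    """Map each suspicious path to the sorted list of heuristics it tripped."""
    findings = defaultdict(set)
    by_size = defaultdict(set)   # size -> paths of executables with no company name
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        path = entry["path"]
        name = basename(path).lower()
        folder = dirname(path).lower() + "\\"
        if "D" in entry["attr"] or not name.endswith(PE_EXT):
            continue  # directories and non-executable files are out of scope here
        if RANDOM_NAME_RE.match(name):
            findings[path].add("random-numeric-name")
        system_like = name in SYSTEM_NAMES or name.startswith("api-ms-win-")
        if system_like and not folder.startswith(WINDIR):
            findings[path].add("system-name-outside-windir")
        if not entry["company"]:
            by_size[entry["size"]].add(path)
    # Several differently named binaries with no company name and a
    # byte-identical size are likely copies of one file.
    for paths in by_size.values():
        if len({basename(p).lower() for p in paths}) > 1:
            for p in paths:
                findings[p].add("no-company-size-twin")
    return {p: sorted(reasons) for p, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a lead to check by hand, not a verdict; files such as `OTL.exe` and the perf counter data pass through untouched because they trip none of the three rules.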

#3
Tylerkrebsbach123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks!

Here's the notepad that came up after OTL rebooted the computer

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar\tbuTor.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}\defaults\preferences folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}\defaults folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}\chrome folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703} folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03839793-5D4E-4F8A-94E5-E6BC7A202ACe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03839793-5D4E-4F8A-94E5-E6BC7A202ACe}\ deleted successfully.
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05CA11F1-CA16-2364-3347-AD4AF88D65C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05CA11F1-CA16-2364-3347-AD4AF88D65C9}\ deleted successfully.
C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08B2A21C-6624-2E11-2837-42E757D81498}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B2A21C-6624-2E11-2837-42E757D81498}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0E5E4F-5D4E-4F8A-94E5-E6BC7A202ACe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E0E5E4F-5D4E-4F8A-94E5-E6BC7A202ACe}\ deleted successfully.
File C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10487C95-D323-2177-516A-8F7E8911F290}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10487C95-D323-2177-516A-8F7E8911F290}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CE549D5-9584-D533-AD5C-573F30CE4FAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CE549D5-9584-D533-AD5C-573F30CE4FAB}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{257AABF5-070E-09AA-45F7-63822B8FFAE5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257AABF5-070E-09AA-45F7-63822B8FFAE5}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{297EE0E5-8206-20C1-226B-9248139944BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297EE0E5-8206-20C1-226B-9248139944BC}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D8618-7806-AA44-8775-0A637E67F1B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{310D8618-7806-AA44-8775-0A637E67F1B4}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66481EA3-B7EA-4173-83AA-A0F01553C560}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66481EA3-B7EA-4173-83AA-A0F01553C560}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{795026D0-63A3-EFDD-2954-B88FF5358FE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{795026D0-63A3-EFDD-2954-B88FF5358FE3}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BF4D4B3-BBDF-EE3C-E7C2-11F48AF46092}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BF4D4B3-BBDF-EE3C-E7C2-11F48AF46092}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5B7DE37-344E-7B1F-40D3-2115D438D97D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5B7DE37-344E-7B1F-40D3-2115D438D97D}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBF47915-2330-0649-AFC4-499E6183CE03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBF47915-2330-0649-AFC4-499E6183CE03}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C18F67D7-699B-15DD-257F-C42BC0578455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C18F67D7-699B-15DD-257F-C42BC0578455}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5325D24-8926-9D5C-9E7D-A883CE87F97F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5325D24-8926-9D5C-9E7D-A883CE87F97F}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9EE9097-7BEB-33B5-643E-1A3603AB38F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9EE9097-7BEB-33B5-643E-1A3603AB38F0}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\1344207245 deleted successfully.
C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
C:\ProgramData\9efe8a moved successfully.
C:\Users\Cicely\0.7131146526782262.exe moved successfully.
C:\Windows\SysWOW64\716238586 moved successfully.
File C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll not found.
File C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll not found.
C:\Users\Cicely\msiexec.exe moved successfully.
C:\ProgramData\iprtprio32.exe moved successfully.
C:\Users\Cicely\0.36728567855500527.exe moved successfully.
C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk moved successfully.
C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk moved successfully.
C:\Windows\SysWOW64\UserAccountControlSettings32.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Cicely
->Temp folder emptied: 518503617 bytes
->Temporary Internet Files folder emptied: 13672335 bytes
->Java cache emptied: 1833802 bytes
->FireFox cache emptied: 113173330 bytes
->Flash cache emptied: 141681 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 79778 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78381397 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 692.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06242011_225053

Files\Folders moved on Reboot...
C:\Users\Cicely\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\WFV71A.tmp moved successfully.

Registry entries deleted on Reboot...

---------------------------------------------
And here is the one that came up after the "all scan thing":
---------------------------------------------

OTL logfile created on: 6/24/2011 11:00:02 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Cicely\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.89% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 1.59 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 293.25 Gb Free Space | 83.63% Space Free | Partition Type: NTFS

Computer Name: CICELY-PC | User Name: Cicely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
PRC - [2011/05/16 16:50:06 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/04/24 00:30:44 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 04:02:40 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/12/14 03:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/12/04 03:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/20 16:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/20 03:35:38 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files (x86)\AnyPC Client\APLangApp.exe
PRC - [2009/11/11 00:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/06 21:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/16 07:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 18:05:08 | 000,137,760 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/04/18 18:05:06 | 000,058,480 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/28 19:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 23:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 09:15:14 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 16:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 05:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/11/19 23:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/22 19:44:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 97 83 03 4E 5D 8A 4F 94 E5 E6 BC 7A 20 2A CE [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 12:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/22 12:14:40 | 000,000,000 | ---D | M]

[2011/01/17 02:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Extensions
[2011/06/24 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions
[2011/04/22 15:52:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/24 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/31 15:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/23 03:41:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/21 00:46:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell - "" = AutoRun
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{4EF0E96A-2261-4702-AA01-7CA678BAD147}
[2011/06/24 22:50:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/24 02:20:02 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/24 02:19:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\Desktop\Remember to uninstall
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/22 20:54:11 | 000,545,280 | ---- | C] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/21 01:21:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/06/21 01:21:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/21 01:13:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/06/21 01:13:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/06/21 01:13:34 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/06/21 01:07:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 00:54:36 | 004,131,325 | R--- | C] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{FCCFDB30-E236-480E-A14D-44C9D99870B2}
[2011/06/20 02:09:34 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{86EA107E-2A47-4700-A35F-A9C7E0B8F2E8}
[2011/06/18 11:55:57 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{CE13BF6D-FCD4-4553-9EFC-03A6BDC53D5A}
[2011/06/16 18:58:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/06/16 18:58:51 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2011/06/16 18:58:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2011/06/16 18:58:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/06/16 18:58:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2011/06/16 18:58:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/06/16 18:58:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/06/16 18:58:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/06/16 18:58:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2011/06/16 18:58:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2011/06/16 18:58:47 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2011/06/16 18:58:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2011/06/16 18:58:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2011/06/16 18:58:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2011/06/16 18:58:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2011/06/16 18:58:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10_1.dll
[2011/06/16 18:58:26 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/06/13 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/06/13 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{919497B1-0000-459F-8A87-8667DA99DA89}
[2011/06/12 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{AEA45712-A31F-4653-A632-642A69DA4E03}
[2011/06/11 01:11:11 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{4353B720-53CF-465F-8FC3-EB3FE29F3B39}
[2011/06/07 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{800B6571-F64B-4830-BB21-4339F6B975C9}
[2011/06/05 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{68D44D3D-EF19-4485-80EA-5DBBEF4C8C0E}
[2011/06/04 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8CB908EC-524B-403D-BF31-07E78A725FF1}
[2011/06/04 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{36FC81DE-1B97-4FB3-92A7-6F62CF01B717}
[2011/06/02 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{3EF2A443-FE1E-4C90-A9C7-B9F07FC88703}
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\skypePM
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/31 15:02:12 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Skype
[2011/05/31 14:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/31 14:59:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/31 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/31 14:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/28 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8B23A3C4-FB84-482B-A601-C4BBFC2A3F00}
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 23:02:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 23:02:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 22:54:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/24 22:54:37 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/21 00:54:45 | 004,131,325 | R--- | M] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 03:14:51 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/20 03:14:51 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/20 03:14:51 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/18 11:54:32 | 004,988,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/31 15:07:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 01:13:42 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/06/21 01:13:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/06/21 01:13:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/06/21 01:13:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/06/21 01:13:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/05/31 15:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/17 19:54:07 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/08/25 23:34:30 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/08/25 23:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 23:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/01/23 00:11:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/01/23 00:11:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/01/22 07:34:04 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/01/22 06:45:23 | 000,000,800 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/10/08 06:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
After you finish the other things:


Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.


********************************************************************

:OTL
O4 - Startup: C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) - File not found
[2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell - "" = AutoRun
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell\AutoRun\command - "" = F:\setup.exe -a

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.