Several threats that can't be removed. PWS:Win32/Zbot.gen!Y /



#16
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Save this file to your desktop: fix.txt (attached file, 25.1KB)
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2

Please run the MS Fixit here to reset the TCP/IP.


Step 3

  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt



#17
Grayfox23


    Member

  • Topic Starter
  • 12 posts
OTL Fix Log

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\_\PQR.exe_Url_hputfi1igehzfmsiz2pzskmdfrwqn1ev\2.0.0.0 folder moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\_\PQR.exe_Url_hputfi1igehzfmsiz2pzskmdfrwqn1ev folder moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\_ folder moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\15f57215gifh67ld4m6jc81738x18gxu0iqowb6mto53 moved successfully.
C:\ProgramData\15f57215gifh67ld4m6jc81738x18gxu0iqowb6mto53 moved successfully.
C:\ProgramData\pcch.exe moved successfully.
C:\ProgramData\nact.exe moved successfully.
C:\ProgramData\cpbv.exe moved successfully.
C:\ProgramData\brwy.exe moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Roaming\Fiudmy folder moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Roaming\Ytqixu folder moved successfully.
C:\Windows\SysWow64\睟 folder moved successfully.
Folder C:\Windows\SysWow64\睟\ not found.
C:\Windows\SysWow64\矌 folder moved successfully.
Folder C:\Windows\SysWow64\矌\ not found.
C:\Windows\SysWow64\眑 folder moved successfully.
Folder C:\Windows\SysWow64\眑\ not found.
C:\Windows\SysWow64\盺 folder moved successfully.
Folder C:\Windows\SysWow64\盺\ not found.
C:\Windows\SysWow64\睿 folder moved successfully.
Folder C:\Windows\SysWow64\睿\ not found.
C:\Windows\SysWow64\瞪 folder moved successfully.
Folder C:\Windows\SysWow64\瞪\ not found.
C:\Windows\SysWow64\矒 folder moved successfully.
Folder C:\Windows\SysWow64\矒\ not found.
C:\Windows\SysWow64\瞙 folder moved successfully.
Folder C:\Windows\SysWow64\瞙\ not found.
C:\Windows\SysWow64\眖 folder moved successfully.
Folder C:\Windows\SysWow64\眖\ not found.
C:\Windows\SysWow64\矄 folder moved successfully.
Folder C:\Windows\SysWow64\矄\ not found.
C:\Windows\SysWow64\睜 folder moved successfully.
Folder C:\Windows\SysWow64\睜\ not found.
C:\Windows\SysWow64\睇 folder moved successfully.
Folder C:\Windows\SysWow64\睇\ not found.
C:\Windows\SysWow64\睖 folder moved successfully.
Folder C:\Windows\SysWow64\睖\ not found.
C:\Windows\SysWow64\睼 folder moved successfully.
Folder C:\Windows\SysWow64\睼\ not found.
C:\Windows\SysWow64\矦 folder moved successfully.
Folder C:\Windows\SysWow64\矦\ not found.
C:\Windows\SysWow64\眈 folder moved successfully.
Folder C:\Windows\SysWow64\眈\ not found.
C:\Windows\SysWow64\瞀 folder moved successfully.
Folder C:\Windows\SysWow64\瞀\ not found.
C:\Windows\SysWow64\矗 folder moved successfully.
Folder C:\Windows\SysWow64\矗\ not found.
C:\Windows\SysWow64\眘 folder moved successfully.
Folder C:\Windows\SysWow64\眘\ not found.
C:\Windows\SysWow64\瞏 folder moved successfully.
Folder C:\Windows\SysWow64\瞏\ not found.
C:\Windows\SysWow64\矠 folder moved successfully.
Folder C:\Windows\SysWow64\矠\ not found.
C:\Windows\SysWow64\睢 folder moved successfully.
Folder C:\Windows\SysWow64\睢\ not found.
C:\Windows\SysWow64\睭 folder moved successfully.
Folder C:\Windows\SysWow64\睭\ not found.
C:\Windows\SysWow64\矩 folder moved successfully.
Folder C:\Windows\SysWow64\矩\ not found.
C:\Windows\SysWow64\瞥 folder moved successfully.
Folder C:\Windows\SysWow64\瞥\ not found.
C:\Windows\SysWow64\瞟 folder moved successfully.
Folder C:\Windows\SysWow64\瞟\ not found.
C:\Windows\SysWow64\睯 folder moved successfully.
Folder C:\Windows\SysWow64\睯\ not found.
C:\Windows\SysWow64\盫 folder moved successfully.
Folder C:\Windows\SysWow64\盫\ not found.
C:\Windows\SysWow64\眓 folder moved successfully.
Folder C:\Windows\SysWow64\眓\ not found.
C:\Windows\SysWow64\睃 folder moved successfully.
Folder C:\Windows\SysWow64\睃\ not found.
C:\Windows\SysWow64\矚 folder moved successfully.
Folder C:\Windows\SysWow64\矚\ not found.
C:\Windows\SysWow64\睻 folder moved successfully.
Folder C:\Windows\SysWow64\睻\ not found.
C:\Windows\SysWow64\睾 folder moved successfully.
Folder C:\Windows\SysWow64\睾\ not found.
C:\Windows\SysWow64\眬 folder moved successfully.
Folder C:\Windows\SysWow64\眬\ not found.
C:\Windows\SysWow64\瞇 folder moved successfully.
Folder C:\Windows\SysWow64\瞇\ not found.
C:\Windows\SysWow64\矟 folder moved successfully.
Folder C:\Windows\SysWow64\矟\ not found.
C:\Windows\SysWow64\眙 folder moved successfully.
Folder C:\Windows\SysWow64\眙\ not found.
C:\Windows\SysWow64\睽 folder moved successfully.
Folder C:\Windows\SysWow64\睽\ not found.
C:\Windows\SysWow64\矢 folder moved successfully.
Folder C:\Windows\SysWow64\矢\ not found.
C:\Windows\SysWow64\眇 folder moved successfully.
Folder C:\Windows\SysWow64\眇\ not found.
C:\Windows\SysWow64\眒 folder moved successfully.
Folder C:\Windows\SysWow64\眒\ not found.
C:\Windows\SysWow64\眄 folder moved successfully.
Folder C:\Windows\SysWow64\眄\ not found.
C:\Windows\SysWow64\瞱 folder moved successfully.
Folder C:\Windows\SysWow64\瞱\ not found.
C:\Windows\SysWow64\眨 folder moved successfully.
Folder C:\Windows\SysWow64\眨\ not found.
C:\Windows\SysWow64\瞔 folder moved successfully.
Folder C:\Windows\SysWow64\瞔\ not found.
C:\Windows\SysWow64\矡 folder moved successfully.
Folder C:\Windows\SysWow64\矡\ not found.
C:\Windows\SysWow64\睋 folder moved successfully.
Folder C:\Windows\SysWow64\睋\ not found.
C:\Windows\SysWow64\矔 folder moved successfully.
Folder C:\Windows\SysWow64\矔\ not found.
C:\Windows\SysWow64\眜 folder moved successfully.
Folder C:\Windows\SysWow64\眜\ not found.
C:\Windows\SysWow64\睗 folder moved successfully.
Folder C:\Windows\SysWow64\睗\ not found.
C:\Windows\SysWow64\瞩 folder moved successfully.
Folder C:\Windows\SysWow64\瞩\ not found.
C:\Windows\SysWow64\矡 folder moved successfully.
Folder C:\Windows\SysWow64\矡\ not found.
C:\Windows\SysWow64\�矊 folder moved successfully.
Folder C:\Windows\SysWow64\�矊\ not found.
C:\Windows\SysWow64\盯 folder moved successfully.
Folder C:\Windows\SysWow64\盯\ not found.
C:\Windows\SysWow64\睬 folder moved successfully.
Folder C:\Windows\SysWow64\睬\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
File\Folder C:\Users\Jordan.Jordan-PC\AppData\Local\Temp\0.4310279220364035.exe not found.
File\Folder C:\Users\Jordan.Jordan-PC\AppData\Local\Temp\8545.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jordan
->Temp folder emptied: 0 bytes

User: Jordan.Jordan-PC
->Temp folder emptied: 303860857 bytes
->Temporary Internet Files folder emptied: 85304231 bytes
->Java cache emptied: 12236172 bytes
->FireFox cache emptied: 125814898 bytes
->Flash cache emptied: 71024 bytes

User: JORDAN~1~JOR
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 604914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83570 bytes
RecycleBin emptied: 1111 bytes

Total Files Cleaned = 504.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.36.3 log created on 03142012_200842

Files\Folders moved on Reboot...
C:\Users\Jordan.Jordan-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z650JITI\addons-tracker-v4[1].htm moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z650JITI\addons-v4[2].htm moved successfully.
C:\Users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPB79XE8\300x250iframeusa[4].htm moved successfully.

Registry entries deleted on Reboot...


OTL

OTL logfile created on: 3/14/2012 8:18:27 PM - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Jordan.Jordan-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.97 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.79% Memory free
15.93 Gb Paging File | 14.14 Gb Available in Paging File | 88.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 870.40 Gb Total Space | 392.70 Gb Free Space | 45.12% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 6.23 Gb Free Space | 12.75% Space Free | Partition Type: NTFS
Drive K: | 7.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 17:24:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan.Jordan-PC\Desktop\OTL.exe
PRC - [2012/02/17 16:47:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 19:27:14 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/17 18:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 16:47:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 15:40:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/14 16:08:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/14 16:07:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 16:07:49 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/14 16:07:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/14 16:07:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/14 16:07:33 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/14 16:07:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/14 16:07:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/14 16:07:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/14 16:07:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/01 09:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 09:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 05:22:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/17 17:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/29 17:49:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/15 19:27:14 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/12/24 01:55:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/24 01:49:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 22:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/07 23:19:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/17 17:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 16:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 03:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/16 07:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/17 23:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/01 00:31:44 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/07/27 12:35:02 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}
IE:64bit: - HKLM\..\SearchScopes\{40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}
IE - HKLM\..\SearchScopes\{C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\..\SearchScopes,DefaultScope = {40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\link[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 08:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 16:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/02 08:21:19 | 000,000,000 | ---D | M]

[2011/08/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Extensions
[2012/01/07 03:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions
[2011/12/26 15:47:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/05 20:23:25 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions\[email protected]
[2012/03/07 19:20:49 | 000,001,210 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ew1uhpm4.default\searchplugins\search.xml
[2011/08/15 17:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/02 08:21:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\JORDAN.JORDAN-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EW1UHPM4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JORDAN.JORDAN-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EW1UHPM4.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 16:47:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/11 08:25:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 08:25:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/14 20:08:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB7D157-9446-4D5F-B147-AE42E1DF425A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F89F91CF-2CB4-4650-A9E9-A473E57EFC12}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/01 13:36:21 | 000,726,248 | R--- | M] (BioWare) - K:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/15 18:48:02 | 000,000,057 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 20:08:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/14 10:13:49 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Malwarebytes
[2012/03/14 10:13:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/03/14 10:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/14 10:13:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/14 10:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/14 05:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/03/13 06:09:45 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2012/03/13 05:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/03/13 05:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/03/13 05:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2012/03/11 17:24:21 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan.Jordan-PC\Desktop\OTL.exe
[2012/03/10 17:12:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/09 12:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2012/03/09 12:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/03/09 05:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/09 05:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/08 00:21:26 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\Desktop\Anti-Malware
[2012/03/07 23:50:38 | 000,000,000 | ---D | C] -- C:\2bf5cc9db56229ce132bcd61
[2012/03/07 23:49:45 | 000,000,000 | ---D | C] -- C:\a6c597d93b02a542f92d5f5044b35c
[2012/03/07 23:48:01 | 000,000,000 | ---D | C] -- C:\179984771dfc281042313e689b59cea0
[2012/03/07 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/07 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\Documents\BioWare
[2012/03/07 19:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012/03/07 19:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
[2012/03/07 19:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/03/07 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2012/03/06 20:48:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 20:48:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 20:48:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 20:48:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 20:47:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 04:11:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/04 03:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/03/04 03:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/04 03:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/04 03:09:13 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TestApp
[2012/03/04 01:19:54 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Google Inc
[2012/03/03 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Opera
[2012/03/03 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Sun
[2012/03/03 21:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Apple
[2012/03/03 21:47:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
[2012/03/03 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Google
[2012/03/03 21:03:53 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Local\ElevatedDiagnostics
[2012/03/03 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
[2012/03/03 20:16:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\ICQ
[2012/03/03 19:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Media Player Classic
[2012/03/03 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
[2012/03/03 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft Corporation
[2012/03/02 08:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Local\DDMSettings
[2012/03/02 08:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DivX
[2012/03/02 08:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/03/02 08:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/03/02 08:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/03/02 08:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/03/02 08:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/28 19:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
[2012/02/28 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Code Laboratories
[2012/02/27 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\.worldoflogs
[2012/02/21 23:24:46 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Help

========== Files - Modified Within 30 Days ==========

[2012/03/14 20:19:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/14 20:16:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 20:16:15 | 2120,736,767 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 20:15:25 | 000,018,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 20:15:25 | 000,018,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 20:10:56 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/14 20:08:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/14 16:50:14 | 000,000,990 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Desktop\World of Warcraft.lnk
[2012/03/14 05:26:41 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 05:26:41 | 000,666,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/14 05:26:41 | 000,126,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 05:19:31 | 000,454,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 06:11:59 | 000,007,886 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Documents\MassEffectConfigReport2012-03-13.xml
[2012/03/13 06:09:46 | 000,001,205 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect 2.lnk
[2012/03/13 06:09:31 | 000,001,002 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
[2012/03/11 17:24:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan.Jordan-PC\Desktop\OTL.exe
[2012/03/09 05:56:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/09 05:56:26 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 08:12:42 | 000,001,439 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/08 07:22:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/08 07:22:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/07 19:38:29 | 000,001,654 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect.lnk
[2012/03/07 19:34:52 | 000,001,104 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2012/02/28 19:48:04 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/02/28 19:48:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/02/20 01:01:38 | 000,069,952 | ---- | M] () -- C:\Windows\SysNative\CLEyeDevices.dll

========== Files Created - No Company Name ==========

[2012/03/13 06:11:59 | 000,007,886 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Documents\MassEffectConfigReport2012-03-13.xml
[2012/03/13 06:09:46 | 000,001,205 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect 2.lnk
[2012/03/13 06:09:31 | 000,001,002 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
[2012/03/09 05:56:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/08 07:22:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/08 07:22:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/07 19:38:29 | 000,001,654 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect.lnk
[2012/03/07 19:34:52 | 000,001,104 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2012/03/06 20:48:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 20:48:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 20:48:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 20:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 20:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 19:34:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/28 19:48:04 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/02/28 19:48:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/02/20 01:01:38 | 000,069,952 | ---- | C] () -- C:\Windows\SysNative\CLEyeDevices.dll
[2012/02/07 00:48:46 | 000,045,866 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/02/07 00:47:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/07 00:47:42 | 000,032,590 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/15 19:27:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/15 19:27:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/05 15:30:50 | 000,008,186 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/08/23 04:22:34 | 000,788,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 17:56:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/24 03:42:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/24 03:17:39 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 01:55:39 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/24 01:55:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/12/24 01:55:39 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/24 01:55:39 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/24 01:55:39 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

========== LOP Check ==========

[2012/03/13 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Azureus
[2011/09/07 23:20:55 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DAEMON Tools Lite
[2012/03/03 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
[2012/01/07 04:40:06 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DVDVideoSoft
[2012/03/03 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\ICQ
[2011/08/16 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\MotioninJoy
[2012/03/14 03:09:23 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Mumble
[2012/03/03 22:42:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Opera
[2011/08/27 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\PCDr
[2011/11/15 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\PunkBuster
[2011/09/07 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\SoftGrid Client
[2012/03/03 21:47:16 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
[2012/03/04 03:09:13 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TestApp
[2011/08/23 04:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TP
[2012/03/03 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
[2012/03/14 20:19:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/30 04:26:48 | 000,025,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/14 20:10:56 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#18
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

How is your system running? What are your current symptoms?

#19
Grayfox23

    Member

  • Topic Starter
  • Member
  • 12 posts
Well I've been using it for the past day and I can't see any symptoms. Everything is running fine, I'm not seeing Internet Security 2012 popping up randomly, and Microsoft Security Essentials isn't detecting any threats. It all looks good, I can't thank you guys enough :happy: I really appreciate all the help!

#20
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You're very welcome!!!
We now only have to do a sweep for any leftover malware.


Step 1

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • MBAM Log
  • log.txt


#21
Grayfox23

    Member

  • Topic Starter
  • Member
  • 12 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jordan :: JORDAN-PC [administrator]

18/03/2012 11:38:15 AM
mbam-log-2012-03-18 (11-38-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218282
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=680b35608a3ec147a209092c00dc2a05
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-18 04:50:20
# local_time=2012-03-18 12:50:20 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16173322 83629179 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=189641
# found=1
# cleaned=1
# scan_time=3691
E:\Kaspersky Anti-Virus Personal 2011 11.0.2.556 Final Incl crack\Kaspersky.2011.Crack.v.1.53\Kaspersky 2011 Crack.exe Win32/HackTool.Kiser.ZV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I couldn't get ESET to run in Internet Explorer, even with allowing Active X or whatever it is. Firefox worked just fine.

#22
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.1.102.63) and Adobe Shockwave Player (11.6.4.634) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - Malwarebytes Anti-Malware is an excellent tool to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :thumbsup:
  • 0
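
The Internet zone ActiveX settings from the "Make Internet Explorer more secure" steps in the post above can be checked from PowerShell after the change. This is an added example, not part of the original thread; it assumes the per-user zone settings under HKCU (zone 3 is the Internet zone) and the standard URL action codes 1001, 1004 and 1201, and the function name is hypothetical. A setting stricter than the recommended one counts as passing.

```powershell
# Added example (not from the thread): audit the Internet zone ActiveX settings.
# Assumption: settings are read from the current user's hive; zone 3 = Internet.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action code -> setting name and the value the post recommends.
# Value data: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter).
$expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';   Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls'; Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActiveXAudit {
    param([string]$Path = $zonePath)

    # A missing key or value is reported rather than treated as an error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($code in $expected.Keys) {
        $want = $expected[$code].Want
        $have = $null
        if ($props -and $props.PSObject.Properties[$code]) {
            $have = [int]$props.$code
        }

        if ($null -eq $have) {
            $status  = 'NotSet'          # no per-user value stored for this action
            $current = '(not set)'
        } else {
            $current = if ($labels.ContainsKey($have)) { $labels[$have] } else { "Unknown ($have)" }
            $status  = if ($have -ge $want) { 'OK' } else { 'WeakerThanRecommended' }
        }

        [pscustomobject]@{
            Code        = $code
            Setting     = $expected[$code].Name
            Current     = $current
            Recommended = $labels[$want]
            Status      = $status
        }
    }
}

Get-ZoneActiveXAudit | Format-Table -AutoSize -Wrap
```

If Group Policy manages the zones, the effective values live under the Policies branch instead, so a NotSet or unexpected result here should be confirmed in the Internet Options dialog.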

#23
Grayfox23

Grayfox23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay everything is good to go. I can't thank you enough, I am extremely satisfied with all that you've done for me. I've taken a look at the programs you've suggested so hopefully I won't get infected to this degree again. Thanks a lot, you're the best!
  • 0

#24
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You're very welcome!!!
Your thanks is very much appreciated!!!
  • 0

#25
NeonFx

NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
