Can't open any programs except Photoshop, not even OTL



#1
neataznyam

I was watching Family Guy, then the computer auto-restarted, and after that I couldn't open any programs. I tried a system restore and that didn't help. OTL won't even open.

#2
neataznyam

Well, I got OTL to work.

OTL logfile created on: 1/1/2012 8:06:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\henry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.55% Memory free
16.00 Gb Paging File | 14.59 Gb Available in Paging File | 91.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 285.94 Gb Free Space | 61.40% Space Free | Partition Type: NTFS
Drive D: | 379.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.45 Gb Total Space | 0.60 Gb Free Space | 8.06% Space Free | Partition Type: FAT32

Computer Name: BLACKMONSTER | User Name: henry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 20:06:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\henry\Desktop\OTL.exe
PRC - [2011/12/21 13:39:15 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 05:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/07/21 13:59:08 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 13:39:15 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/12/14 00:49:09 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/25 18:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/26 13:06:56 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/04 09:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/15 08:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/07/15 08:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011/12/14 13:03:55 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/10 14:13:41 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/25 19:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/25 17:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/21 13:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/06/06 14:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/19 00:27:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/05/15 03:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/17 10:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 10:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/24 21:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2011/12/04 20:20:42 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/08/09 22:34:44 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/24 11:35:48 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 5C D3 74 3D BA CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="

FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\henry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 13:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 13:39:16 | 000,000,000 | ---D | M]

[2010/12/01 19:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henry\AppData\Roaming\Mozilla\Extensions
[2011/12/31 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\n3y4pmk6.default\extensions
[2011/10/31 00:11:46 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\n3y4pmk6.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/08/02 14:33:20 | 000,002,176 | ---- | M] () -- C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\n3y4pmk6.default\searchplugins\bing.xml
[2011/01/19 00:26:59 | 000,002,059 | ---- | M] () -- C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\n3y4pmk6.default\searchplugins\daemon-search.xml
[2011/08/09 19:57:48 | 000,001,211 | ---- | M] () -- C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\n3y4pmk6.default\searchplugins\Mp3Tube.xml
[2011/12/31 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/03 02:12:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/07 23:01:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/24 01:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/24 09:51:15 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.240.127 www.google.com
O1 - Hosts: 94.63.240.128 www.bing.com
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll (BitComet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [devicemob] C:\ProgramData\devicemob.exe File not found
O4 - HKLM..\Run: [dplaysvr] C:\Users\henry\AppData\Local\dplaysvr.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [xmlimig] C:\Users\henry\AppData\Roaming\xmlimig.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\henry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [devicemob] C:\ProgramData\devicemob.exe File not found
O4 - HKCU..\Run: [dplaysvr] C:\Users\henry\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUA.EXE /FU "C:\Windows\TEMP\E_S6141.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [xmlimig] C:\Users\henry\AppData\Roaming\xmlimig.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.14.0.8 76.14.0.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E1ABD9-2324-4ED3-B82C-12BD956108CA}: DhcpNameServer = 76.14.0.8 76.14.0.9
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/25 06:05:10 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{43d62b6c-5fdc-11e0-a6de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c0dbbc3-2349-11e0-9f21-20cf30c8a524}\Shell - "" = AutoRun
O33 - MountPoints2\{4c0dbbc3-2349-11e0-9f21-20cf30c8a524}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{946806a7-e96e-11df-bc27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{946806a7-e96e-11df-bc27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Install.exe -- [2009/05/11 13:57:48 | 000,509,414 | R--- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 20:06:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\henry\Desktop\OTL.exe
[2012/01/01 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{D26DACB6-791E-4BDA-A2D2-F7E9D441689A}
[2012/01/01 19:51:04 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{3A7005B7-5564-4452-B23D-EE8A4910FAB2}
[2012/01/01 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{832160E0-C870-40BC-9CE3-E4504D59C94E}
[2012/01/01 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{B4E90E13-CB58-4833-BA00-311232726C53}
[2011/12/31 15:47:27 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{26535F0A-7E3B-4082-A0A7-C76A7828DB02}
[2011/12/31 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{6D4078B0-41B8-4301-9595-1B759BC10469}
[2011/12/31 15:44:13 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\PackageAware
[2011/12/31 15:44:02 | 002,374,968 | ---- | C] (iMesh Inc. ) -- C:\Users\henry\Desktop\iMeshV10.exe
[2011/12/31 15:44:02 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\henry\Desktop\WinsockxpFix.exe
[2011/12/31 15:38:01 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{2B42C1EE-B492-4F3A-8DFE-6A65BA6A990D}
[2011/12/31 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FDE44FEB-CAA9-4294-AF5D-3780D0A0D798}
[2011/12/31 15:32:08 | 000,319,552 | ---- | C] (Softonic) -- C:\Users\henry\Desktop\SoftonicDownloader_for_winsockfix.exe
[2011/12/31 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{47200F5C-D338-4481-B619-8E4F36C10FAF}
[2011/12/31 13:53:31 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{ECA6E214-ED96-46C2-B390-BC19102B44D8}
[2011/12/31 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{73BBAFC3-FDCD-4DB8-9C53-A6D710F96A32}
[2011/12/30 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{5034D79C-9576-422B-BE53-AA9F93620F21}
[2011/12/30 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{8A8A835A-2798-47DE-A848-8DCE26E0C103}
[2011/12/30 15:28:36 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\henry\Desktop\TDSSKiller.exe
[2011/12/30 15:08:49 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{C8C4AEFB-281C-4EA6-8222-5FD9B8A4F0CD}
[2011/12/30 00:53:13 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FE3EEA4C-4FB2-41AA-9524-1DD664A37163}
[2011/12/29 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/29 21:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/29 21:14:21 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\Adobe CS3
[2011/12/29 16:40:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pen Tablet
[2011/12/29 12:52:51 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{2DB6B466-1462-42D4-B9E0-54F681DCA9DF}
[2011/12/29 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{40075942-3BC9-4733-B5CC-C9511CF812C5}
[2011/12/29 00:52:17 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{7A15578F-3F51-4269-A420-6767A4969F9D}
[2011/12/29 00:52:07 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{4CD87E7C-2190-4FCD-B1B3-DD336C3CE189}
[2011/12/28 12:51:37 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{9ED8AB7B-FA92-4785-986E-B28680F3C0F4}
[2011/12/28 12:51:26 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{0DF7718A-A21B-41CF-B0C1-9CCD100DECE6}
[2011/12/28 00:47:00 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{F28CB793-59B0-48B0-81A6-5A1918204D78}
[2011/12/28 00:46:49 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{52CB640D-A152-4B92-A83B-F5E11750DEC8}
[2011/12/27 12:46:25 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{EB3A7215-1F9F-4603-9B21-1678C9E2CB18}
[2011/12/27 12:46:15 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{5D218EAD-FF7F-458B-8FE4-BFE45F674F72}
[2011/12/27 00:45:50 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{2B07EB49-0A73-45DE-885F-7C0094DB3DBE}
[2011/12/27 00:45:39 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FA8A7C94-7EA0-4BAB-B34C-C41313ABAB98}
[2011/12/26 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{E48F0A2C-53EF-4C18-9616-812C58E7BBC5}
[2011/12/26 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{7581E001-7025-4490-BB1D-7B97D7D00CE5}
[2011/12/25 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{A122BD91-8755-42AC-8CBF-F25FA925287C}
[2011/12/25 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{75DDC04A-EBF1-43F4-86E3-0317EA583F1F}
[2011/12/24 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{5817DC05-71FA-422E-8722-1104BB207C54}
[2011/12/24 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{5E20348F-431C-4A97-A78F-0A402D20D2F6}
[2011/12/24 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{9CDDD22A-8E25-4480-AEB6-E1FC396D99F4}
[2011/12/23 13:40:53 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{363292E8-4A51-46B7-BADA-5ECF8506A031}
[2011/12/23 13:40:42 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{D193E99B-080F-44BB-A7CB-895E76832EFA}
[2011/12/23 01:40:17 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{6277E96D-1741-4F4B-8622-7A510DD5CB69}
[2011/12/23 01:40:07 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{07880716-774F-49EA-A436-9ACF01DFF2F5}
[2011/12/22 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{908651CC-1FB5-414A-9C8E-4B9306E00B11}
[2011/12/22 13:39:31 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{D883FA1D-54A8-44B6-AC8C-704237DA4B71}
[2011/12/22 01:39:06 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{F1398A05-3DA2-4563-834C-DDB964819810}
[2011/12/22 01:38:56 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{9A7EF9BC-5849-401D-B71C-F01E1C2C2052}
[2011/12/21 13:38:28 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{2AE15F43-C4B2-4BC2-96A4-4C0A23635289}
[2011/12/21 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{2266409A-B9EC-4349-AC7D-1425ACA2EE05}
[2011/12/20 20:50:06 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{592283AA-94BD-4354-883B-991DCD094E1D}
[2011/12/20 20:49:48 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{207785CE-875F-45B8-BC1D-61EA4A1CD8F4}
[2011/12/20 03:12:50 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{3C055FD7-025B-4903-AF0B-5F0D8356B17F}
[2011/12/20 03:12:39 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{CE87F2FE-7BC2-4B20-9999-C03D2D9CCAA1}
[2011/12/19 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FDCFBB7E-900F-4BE1-BF50-B15598EFFCF3}
[2011/12/19 15:11:59 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{09C18E8B-C83C-4397-82B6-1A92E602F5BC}
[2011/12/19 03:11:32 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{5B5D4CA6-D21D-425A-9552-A0FD46B530FF}
[2011/12/18 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\sky
[2011/12/18 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{AA06EC78-5E75-489A-B330-1B36B50F9300}
[2011/12/18 15:10:55 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{009ED1FE-9C2B-47F8-BAD2-0A2F8A1D9E55}
[2011/12/17 23:46:08 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{719C039C-EFA3-471B-846F-A22FE7C323C1}
[2011/12/17 11:45:44 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{7C1597E4-E4C6-4C16-856E-878636408B48}
[2011/12/16 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{092258A0-1078-4B21-8BE7-447D81E1D9AB}
[2011/12/16 20:12:19 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\real final
[2011/12/16 11:44:51 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{98CC8151-0DAC-460B-BBE0-13B30B16B661}
[2011/12/16 11:44:39 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{01EC0B33-459F-4646-AF81-AFE756E16150}
[2011/12/15 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{CBCB74BD-DCC8-48BA-838D-53B2B0A57890}
[2011/12/15 22:34:58 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{3029ACA3-07B8-4DEB-A2D7-D17F7DDE0467}
[2011/12/15 04:34:05 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\adv perspective
[2011/12/14 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{0AD35C7E-D27F-49AB-B5C7-53E8532CB596}
[2011/12/14 13:44:17 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{E609AE6B-2401-4D80-9196-3B96B5838434}
[2011/12/14 01:43:51 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FA33F81C-6518-448E-896E-8BD429E4227E}
[2011/12/13 13:43:29 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{77FFCAEE-4ED9-4799-A603-78B684351510}
[2011/12/13 13:43:18 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{9FD0DEA6-1D78-40EF-A02A-70BEB2271875}
[2011/12/13 01:42:55 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{8EDF21E2-0CE5-40E4-9AE5-7EC16355E006}
[2011/12/12 22:13:28 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\close up
[2011/12/12 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{AB36BA6F-D459-4434-B6F0-22F3002851DF}
[2011/12/12 13:42:23 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{35773C31-A7FF-4A78-8999-27A2F71AF54F}
[2011/12/12 01:41:56 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{56B69E78-5CA9-4834-94E9-A8E737579CBB}
[2011/12/11 13:41:24 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{821CFA0E-8F7F-4A4C-947A-401F20CA14B3}
[2011/12/11 13:41:10 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{083E85B5-0D22-4DBF-892E-702418BCCE0E}
[2011/12/10 18:14:06 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{80358041-186B-4455-9D28-57F4CAB43F7F}
[2011/12/10 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{D9BEB169-6B38-483E-B5DE-144BAD12E266}
[2011/12/10 00:58:39 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\final final
[2011/12/09 18:50:08 | 005,429,372 | ---- | C] (Phyxion.net ) -- C:\Users\henry\Desktop\DriverSweeper_3.2.0.exe
[2011/12/09 18:47:06 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{C2662384-F1B3-4930-B69D-39073725F774}
[2011/12/09 18:46:45 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{A5092359-AA54-4001-B31C-C006D72A4C09}
[2011/12/09 18:35:10 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\ElevatedDiagnostics
[2011/12/09 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/09 18:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/12/09 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2011/12/09 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Roaming\OpenCandy
[2011/12/09 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{75F8D8E9-1C09-43CC-A6A4-949583E71CFE}
[2011/12/09 13:34:59 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{3F9132FB-B1E1-4992-944C-DDA6B95E0E0B}
[2011/12/09 01:34:34 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FCAA89E8-6A25-46E8-8861-16E06B91D3FA}
[2011/12/09 01:34:23 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{92315A5E-2E4D-418F-9CB2-FA359158F3B0}
[2011/12/08 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{56287DB6-D1F4-4B1B-A1B6-E22682F11C69}
[2011/12/08 13:33:47 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{7071E995-E611-47EF-B556-0C04942A92B5}
[2011/12/08 01:33:22 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{0489198A-80C4-460E-8FBB-9C6B957EA1BA}
[2011/12/08 01:33:11 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{71328691-35AE-4FF3-A94B-D11409F10281}
[2011/12/07 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{87D17429-4A58-4009-A4F5-188980C04786}
[2011/12/07 13:32:34 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{7118D9B9-3898-40D5-B0D5-1C6F43454A3A}
[2011/12/07 01:32:09 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{57272337-0AB5-4F46-B038-ABCCBB009CB3}
[2011/12/07 01:31:58 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{0DD294BC-CB4B-497F-AB23-740B7A1380A4}
[2011/12/06 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{BFD9C67E-C66B-4B32-A025-DDA085DC5095}
[2011/12/06 13:31:12 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{1D9327E4-CEE1-4260-933C-EB7DB4D22327}
[2011/12/06 01:00:54 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{DB37C01C-306B-470A-9659-58F84C28F005}
[2011/12/06 01:00:41 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{FE45E2EE-B397-47D6-8814-0484131C4149}
[2011/12/05 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{C870E4F5-8398-45B7-B325-A73D2DA54C0A}
[2011/12/05 13:00:00 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{91124501-8162-4AA7-9D69-07DFF600650B}
[2011/12/05 12:52:10 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{39B204BD-9125-4F53-9591-5053DA82CDDD}
[2011/12/04 20:20:42 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/12/04 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\eSupport.com
[2011/12/04 20:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2011/12/04 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2011/12/04 20:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/04 19:26:04 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{67F4D077-F265-4E56-9C78-DD11A04A17E3}
[2011/12/04 19:25:53 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{4B90CF47-4198-4D69-A5B8-CEC2B38BEF59}
[2011/12/04 00:02:03 | 000,000,000 | ---D | C] -- C:\Users\henry\Desktop\adv perpectve
[2011/12/03 23:18:50 | 000,000,000 | ---D | C] -- C:\AMD
[2011/12/03 20:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/12/03 19:42:41 | 000,792,704 | ---- | C] (AMD) -- C:\Users\henry\Desktop\amddriverdownloader.exe
[2011/12/03 19:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/12/03 19:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/12/03 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/12/03 19:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/12/03 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/03 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{06CF5469-18FD-4654-B2E5-66F1DED01577}
[2011/12/03 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{0FD64352-26D2-451C-8AEE-18C3EBE185DC}
[2011/12/03 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{DCA77C36-9341-411C-B331-EEADD2A28851}
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\adlmint.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/01 20:08:13 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/01 20:06:38 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/01 20:06:38 | 000,660,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/01 20:06:38 | 000,121,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 20:06:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\henry\Desktop\OTL.exe
[2012/01/01 20:02:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 20:02:06 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 20:01:22 | 000,016,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 20:01:22 | 000,016,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 03:22:48 | 000,319,552 | ---- | M] (Softonic) -- C:\Users\henry\Desktop\SoftonicDownloader_for_winsockfix.exe
[2011/12/31 20:04:06 | 000,773,880 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/31 15:44:44 | 000,000,145 | ---- | M] () -- C:\Users\henry\Desktop\Continue iMesh installation.url
[2011/12/31 15:44:10 | 002,374,968 | ---- | M] (iMesh Inc. ) -- C:\Users\henry\Desktop\iMeshV10.exe
[2011/12/31 15:44:06 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\henry\Desktop\WinsockxpFix.exe
[2011/12/30 23:34:32 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/30 23:34:32 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/30 15:28:21 | 001,558,406 | ---- | M] () -- C:\Users\henry\Desktop\tdsskiller.zip
[2011/12/29 03:22:45 | 000,029,989 | ---- | M] () -- C:\Users\henry\Desktop\32110_445388931123_692166123_5882715_6949756_n.jpg
[2011/12/29 01:54:30 | 003,869,000 | ---- | M] () -- C:\Users\henry\Desktop\raz.jpg
[2011/12/28 13:07:21 | 001,916,843 | ---- | M] () -- C:\Users\henry\Desktop\imahes.jpg
[2011/12/25 18:59:43 | 000,010,752 | ---- | M] () -- C:\Users\henry\Desktop\exefix_xp.com
[2011/12/25 17:58:19 | 000,000,242 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/24 13:20:42 | 000,183,544 | ---- | M] () -- C:\Users\henry\Desktop\ryu.jpg
[2011/12/24 12:44:23 | 000,112,857 | ---- | M] () -- C:\Users\henry\Desktop\SFXT-Box-Art-Reveal.jpg
[2011/12/24 09:51:18 | 000,033,280 | -HS- | M] () -- C:\Users\henry\AppData\Local\dplayx.dll
[2011/12/24 02:24:45 | 000,265,382 | ---- | M] () -- C:\Users\henry\Desktop\Untitled-1.jpg
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\henry\Desktop\TDSSKiller.exe
[2011/12/22 13:16:54 | 000,054,110 | ---- | M] () -- C:\Users\henry\Desktop\Tekken_6_BR_Nina.jpg
[2011/12/18 03:52:27 | 003,735,257 | ---- | M] () -- C:\Users\henry\Desktop\Henry_Ong_Resume_kabam.pdf
[2011/12/18 01:01:34 | 013,748,889 | ---- | M] () -- C:\Users\henry\Desktop\1_-_More_Revealing_Redesigns-759-1-2.zip
[2011/12/18 01:00:21 | 017,089,678 | ---- | M] () -- C:\Users\henry\Desktop\4_-_Amazing_Nocturnal_Robes_Pack-759-1-2.zip
[2011/12/18 00:15:05 | 000,836,939 | ---- | M] () -- C:\Users\henry\Desktop\Fire_Dog-3487-1.rar
[2011/12/17 23:21:05 | 000,000,648 | ---- | M] () -- C:\Users\henry\Desktop\Hroki_Wife_Companion-3983--8.rar
[2011/12/17 22:54:51 | 000,475,538 | ---- | M] () -- C:\Users\henry\Desktop\SkyrimDance-2658-1.7z
[2011/12/17 22:54:17 | 000,155,848 | ---- | M] () -- C:\Users\henry\Desktop\DragonBorn_Shuffle-2658-1.7z
[2011/12/17 17:07:55 | 000,907,073 | ---- | M] () -- C:\Users\henry\Desktop\IMG_2836.JPG
[2011/12/17 17:07:53 | 001,008,311 | ---- | M] () -- C:\Users\henry\Desktop\IMG_2841.JPG
[2011/12/17 17:07:53 | 000,866,135 | ---- | M] () -- C:\Users\henry\Desktop\IMG_2839.JPG
[2011/12/17 17:07:53 | 000,820,874 | ---- | M] () -- C:\Users\henry\Desktop\IMG_2840.JPG
[2011/12/17 17:07:47 | 000,953,069 | ---- | M] () -- C:\Users\henry\Desktop\IMG_2838.JPG
[2011/12/17 07:58:52 | 009,330,207 | ---- | M] () -- C:\Users\henry\Desktop\page 1.jpg
[2011/12/17 06:59:42 | 259,862,759 | ---- | M] () -- C:\Users\henry\Desktop\page2.psd
[2011/12/17 04:40:49 | 400,328,363 | ---- | M] () -- C:\Users\henry\Desktop\page 1.psd
[2011/12/16 22:12:51 | 000,912,809 | ---- | M] () -- C:\Users\henry\Desktop\number 16.jpg
[2011/12/14 13:03:19 | 004,836,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 04:22:18 | 038,855,475 | ---- | M] () -- C:\Users\henry\Desktop\new guy.psd
[2011/12/11 15:37:38 | 000,095,484 | ---- | M] () -- C:\Users\henry\Desktop\painted-stucco-texture-600x400.jpg
[2011/12/11 15:37:16 | 000,000,000 | ---- | M] () -- C:\Users\henry\Desktop\Rough_Stucco_Texture_by_GrungeTextures.jpg
[2011/12/11 13:38:36 | 334,445,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/09 18:50:11 | 005,429,372 | ---- | M] (Phyxion.net ) -- C:\Users\henry\Desktop\DriverSweeper_3.2.0.exe
[2011/12/08 02:36:11 | 020,873,251 | ---- | M] () -- C:\Users\henry\Desktop\thumb2-1.psd
[2011/12/04 20:20:42 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/12/03 19:42:42 | 000,792,704 | ---- | M] (AMD) -- C:\Users\henry\Desktop\amddriverdownloader.exe
[2011/12/03 03:03:30 | 064,368,378 | ---- | M] () -- C:\Users\henry\Desktop\final 1.psd
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 19:52:44 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/31 15:44:44 | 000,000,145 | ---- | C] () -- C:\Users\henry\Desktop\Continue iMesh installation.url
[2011/12/30 15:28:17 | 001,558,406 | ---- | C] () -- C:\Users\henry\Desktop\tdsskiller.zip
[2011/12/29 21:21:13 | 000,001,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk
[2011/12/29 03:22:45 | 000,029,989 | ---- | C] () -- C:\Users\henry\Desktop\32110_445388931123_692166123_5882715_6949756_n.jpg
[2011/12/29 01:54:28 | 003,869,000 | ---- | C] () -- C:\Users\henry\Desktop\raz.jpg
[2011/12/28 13:07:19 | 001,916,843 | ---- | C] () -- C:\Users\henry\Desktop\imahes.jpg
[2011/12/25 18:59:42 | 000,010,752 | ---- | C] () -- C:\Users\henry\Desktop\exefix_xp.com
[2011/12/25 17:58:18 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/24 12:44:23 | 000,112,857 | ---- | C] () -- C:\Users\henry\Desktop\SFXT-Box-Art-Reveal.jpg
[2011/12/24 11:12:24 | 000,033,280 | -HS- | C] () -- C:\Users\henry\AppData\Local\dplayx.dll
[2011/12/24 02:24:43 | 000,265,382 | ---- | C] () -- C:\Users\henry\Desktop\Untitled-1.jpg
[2011/12/22 13:16:54 | 000,054,110 | ---- | C] () -- C:\Users\henry\Desktop\Tekken_6_BR_Nina.jpg
[2011/12/21 02:11:54 | 000,183,544 | ---- | C] () -- C:\Users\henry\Desktop\ryu.jpg
[2011/12/18 03:52:18 | 003,735,257 | ---- | C] () -- C:\Users\henry\Desktop\Henry_Ong_Resume_kabam.pdf
[2011/12/18 01:01:14 | 013,748,889 | ---- | C] () -- C:\Users\henry\Desktop\1_-_More_Revealing_Redesigns-759-1-2.zip
[2011/12/18 00:59:53 | 017,089,678 | ---- | C] () -- C:\Users\henry\Desktop\4_-_Amazing_Nocturnal_Robes_Pack-759-1-2.zip
[2011/12/18 00:15:05 | 000,836,939 | ---- | C] () -- C:\Users\henry\Desktop\Fire_Dog-3487-1.rar
[2011/12/17 23:21:05 | 000,000,648 | ---- | C] () -- C:\Users\henry\Desktop\Hroki_Wife_Companion-3983--8.rar
[2011/12/17 22:54:50 | 000,475,538 | ---- | C] () -- C:\Users\henry\Desktop\SkyrimDance-2658-1.7z
[2011/12/17 22:54:15 | 000,155,848 | ---- | C] () -- C:\Users\henry\Desktop\DragonBorn_Shuffle-2658-1.7z
[2011/12/17 17:07:55 | 000,907,073 | ---- | C] () -- C:\Users\henry\Desktop\IMG_2836.JPG
[2011/12/17 17:07:53 | 001,008,311 | ---- | C] () -- C:\Users\henry\Desktop\IMG_2841.JPG
[2011/12/17 17:07:53 | 000,866,135 | ---- | C] () -- C:\Users\henry\Desktop\IMG_2839.JPG
[2011/12/17 17:07:53 | 000,820,874 | ---- | C] () -- C:\Users\henry\Desktop\IMG_2840.JPG
[2011/12/17 17:07:47 | 000,953,069 | ---- | C] () -- C:\Users\henry\Desktop\IMG_2838.JPG
[2011/12/17 07:58:41 | 009,330,207 | ---- | C] () -- C:\Users\henry\Desktop\page 1.jpg
[2011/12/17 05:49:48 | 259,862,759 | ---- | C] () -- C:\Users\henry\Desktop\page2.psd
[2011/12/17 04:34:12 | 400,328,363 | ---- | C] () -- C:\Users\henry\Desktop\page 1.psd
[2011/12/14 04:17:14 | 000,912,809 | ---- | C] () -- C:\Users\henry\Desktop\number 16.jpg
[2011/12/11 21:35:42 | 038,855,475 | ---- | C] () -- C:\Users\henry\Desktop\new guy.psd
[2011/12/11 15:37:38 | 000,095,484 | ---- | C] () -- C:\Users\henry\Desktop\painted-stucco-texture-600x400.jpg
[2011/12/11 15:37:16 | 000,000,000 | ---- | C] () -- C:\Users\henry\Desktop\Rough_Stucco_Texture_by_GrungeTextures.jpg
[2011/12/03 19:22:35 | 334,445,123 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/03 03:03:29 | 064,368,378 | ---- | C] () -- C:\Users\henry\Desktop\final 1.psd
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 17:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 17:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 14:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/03 21:33:50 | 000,110,592 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/12 22:33:35 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/12 22:33:35 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/02 17:09:32 | 000,000,026 | ---- | C] () -- C:\ProgramData\DigiCel.ini
[2011/04/01 23:00:54 | 000,000,246 | ---- | C] () -- C:\Windows\kaillera.ini
[2011/03/21 21:47:31 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/02/08 11:41:57 | 000,773,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/04 13:13:46 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/12/04 13:13:46 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/12/04 13:13:46 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/12/04 13:13:46 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/12/04 13:13:46 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/12/04 13:13:46 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/12/04 13:13:46 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/12/04 13:13:46 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/12/04 13:13:46 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/12/04 13:13:46 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/12/04 13:13:46 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/12/04 13:13:46 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/12/04 13:13:46 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/12/04 13:13:46 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/12/04 13:13:46 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/12/04 13:13:46 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/12/04 13:12:12 | 000,000,083 | ---- | C] () -- C:\Windows\EPSP1400.ini
[2010/12/01 19:17:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/04 22:12:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/04 21:57:51 | 000,031,042 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/10/04 21:57:06 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/10/04 21:56:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/04 21:55:58 | 000,023,465 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 17:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/12/01 19:18:36 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\acccore
[2011/01/10 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Autodesk
[2011/12/30 03:13:47 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\BitComet
[2011/06/13 23:28:02 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\com.doubleperfect.ggpo
[2011/01/19 00:33:54 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\DAEMON Tools Lite
[2011/04/02 17:09:32 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\DigiCel
[2010/12/04 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Leadertech
[2011/03/14 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\LolClient
[2011/12/09 17:58:23 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\OpenCandy
[2010/12/16 12:37:11 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Opera
[2011/01/30 01:09:19 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Sega
[2011/03/14 00:17:15 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Smith Micro
[2011/12/22 03:42:29 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\SoftGrid Client
[2010/12/10 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/10 02:14:26 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\Supercade
[2011/02/08 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\TP
[2010/12/22 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\WindSolutions
[2011/06/01 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\henry\AppData\Roaming\WTouch
[2012/01/01 20:08:13 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/03 20:29:36 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello neataznyam and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

We need to disable malware processes on your system first.
  • Download TheKiller to your Desktop
  • Double click to run it
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Step 2

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [devicemob] C:\ProgramData\devicemob.exe File not found
    O4 - HKLM..\Run: [dplaysvr] C:\Users\henry\AppData\Local\dplaysvr.exe File not found
    O4 - HKLM..\Run: [xmlimig] C:\Users\henry\AppData\Roaming\xmlimig.exe File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [devicemob] C:\ProgramData\devicemob.exe File not found
    O4 - HKCU..\Run: [dplaysvr] C:\Users\henry\AppData\Local\dplaysvr.exe File not found
    O33 - MountPoints2\{43d62b6c-5fdc-11e0-a6de-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c0dbbc3-2349-11e0-9f21-20cf30c8a524}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c0dbbc3-2349-11e0-9f21-20cf30c8a524}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
    O33 - MountPoints2\{946806a7-e96e-11df-bc27-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{946806a7-e96e-11df-bc27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Install.exe -- [2009/05/11 13:57:48 | 000,509,414 | R--- | M] (Adobe Systems, Inc.)
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/01/01 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{D26DACB6-791E-4BDA-A2D2-F7E9D441689A}
    [2012/01/01 19:51:04 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{3A7005B7-5564-4452-B23D-EE8A4910FAB2}
    [2012/01/01 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{832160E0-C870-40BC-9CE3-E4504D59C94E}
    [2012/01/01 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\henry\AppData\Local\{B4E90E13-CB58-4833-BA00-311232726C53}

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post.

#4
neataznyam

I'm trying to run the killer but it's not opening. At the moment I'm trying it in safe mode. Should I still do the OTL and GMER without running the killer first?

#5
maliprog

Hi neataznyam,

Skip TheKiller then and try to run OTL and GMER.

#6
neataznyam

OTL won't open anymore

#7
maliprog

Hi neataznyam,

Can you try to rename TheKiller.scr to svchost.exe and try to run it? Please note that you also must change the extension from .scr to .exe.

#8
neataznyam

Killer still wouldn't open. Want me to try the same thing with OTL?

#9
maliprog

Yes. You can try that with OTL too. Let me know the results.

#10
neataznyam

same


#11
maliprog

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

#12
neataznyam

Oh, by the way, I'm downloading the file from a laptop and then transferring it onto the infected computer, if that's OK.

#13
neataznyam

I ran it but nothing opened at the end

#14
maliprog

In that case we need to disinfect your USB memory so you can transfer files and not get infected.

Do this on the clean computer:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

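The note in the post above says Flash_Disinfector leaves a folder named autorun.inf on each drive. As an added example (not part of the thread and not Flash_Disinfector's own code), this Python check reports whether a drive root has that folder, no autorun.inf at all, or an autorun.inf file whose entries would start a program; the function names and the sample file contents are constructed for illustration.

```python
import os
import sys

# Constructed sample of a suspicious autorun.inf (not taken from the thread).
SAMPLE_AUTORUN = """\
;constructed sample
[AutoRun]
icon=folder.ico
OPEN = recycler\\payload.exe
shell\\explore\\Command=recycler\\payload.exe -x
label=USB DISK
"""

def launch_entries(text):
    """Return (key, command) pairs in [autorun] that make Windows start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open=, shellexecute= and shell\<verb>\command= all name a command to run.
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value))
    return entries

def check_drive_root(root):
    """Classify autorun.inf at a drive root: absent, folder, or file (with entries)."""
    # Match the name case-insensitively, as FAT/NTFS volumes do.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # The name is taken by a folder, so no file called autorun.inf can sit beside it.
        return "folder", []
    with open(path, "rb") as fh:
        entries = launch_entries(fh.read(65536).decode("latin-1"))
    return ("launches-program" if entries else "file-no-launch"), entries

if __name__ == "__main__":
    for root in sys.argv[1:]:          # e.g. python check_autorun.py E:/
        print(root, *check_drive_root(root))
```

A "folder" result matches what the note describes; a "launches-program" result lists the commands to review before the drive is plugged into another machine.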

#15
maliprog

If you ran exeHelper, then try to run the OTL fix now.





