OTL Log
OTL logfile created on: 1/12/2012 8:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.51% Memory free
6.19 Gb Paging File | 5.08 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.05 Gb Total Space | 235.74 Gb Free Space | 72.30% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 1.25 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 334.83 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.90% Space Free | Partition Type: FAT32
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 17:17:39 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/20 17:16:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/14 13:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/14 02:58:40 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/04/14 02:58:04 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 16:03:12 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/01/31 16:03:08 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/02/15 06:36:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/01/15 03:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/20 13:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2007/05/07 09:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2007/05/07 09:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
========== Win32 Services (SafeList) ==========
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/20 17:17:39 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 17:16:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/04/14 02:58:40 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/04/14 02:58:04 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/01/31 16:03:08 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/02/15 06:36:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/12/20 17:16:53 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/05 14:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 14:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 14:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/02/26 09:11:02 | 000,299,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/15 06:37:50 | 000,234,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2008/02/15 06:37:50 | 000,141,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2008/02/15 06:37:50 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/10 10:57:00 | 008,237,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 11:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/15 13:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 13:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/12 07:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/12/12 08:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/02 13:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gcffxtbr@WeatherBlink.com: C:\Program Files\WeatherBlink\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/02 13:45:29 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/01/12 19:06:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Manager.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419807706-895616609-190428675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-419807706-895616609-190428675-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EEC59CC-1F1E-42AC-9E9D-32BAC3D126D1}
http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab (McciEventStatRetriever Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.165.10 67.142.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FA1E33-520C-4EDD-9377-B6BBF16F7A49}: DhcpNameServer = 66.82.4.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FFC7F1D-16AC-4FA1-BA20-8EBE0B8FCC68}: DhcpNameServer = 67.142.165.10 67.142.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC73F33B-2631-48E4-A30D-B941FC2B0C7F}: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/17 10:59:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/12 20:50:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/12 19:12:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/12 19:06:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 18:26:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/12 18:26:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/12 18:26:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/12 18:26:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/12 18:26:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/12 18:26:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/12 18:24:15 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/10 23:49:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/10 19:30:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2012/01/07 11:08:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/01/07 11:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 11:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/07 11:08:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/07 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/06 20:53:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\IObit
[2012/01/06 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/01/06 20:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/06 16:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 16:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2012/01/05 20:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/12 20:47:43 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:47:43 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:47:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 20:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 20:47:34 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/12 19:36:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 19:11:47 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 19:11:47 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 19:06:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/12 17:40:30 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/10 23:51:19 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/10 21:58:38 | 000,044,607 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.zip
[2012/01/10 21:56:02 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/10 19:17:56 | 411,204,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 17:00:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2012/01/10 16:50:10 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\x2cxlfql.exe
[2012/01/07 11:11:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 11:09:39 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012/01/06 20:53:26 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/01/06 16:42:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/05 21:41:33 | 000,020,480 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 21:07:41 | 000,002,034 | ---- | M] () -- C:\Users\user\Desktop\QuickBooks Pro 2009.lnk
[2012/01/05 20:00:54 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/01 15:28:32 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2011/12/23 20:08:30 | 000,002,627 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2011/12/20 17:16:53 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/12/20 17:16:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/12/20 17:16:33 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/12/15 09:50:22 | 000,327,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/12 18:26:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/12 18:26:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/12 18:26:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/12 18:26:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/12 18:26:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 23:52:48 | 000,044,607 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.zip
[2012/01/10 23:51:19 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/10 19:12:41 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\x2cxlfql.exe
[2012/01/07 12:40:56 | 3219,525,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 12:36:23 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\HughesNetTools.lnk
[2012/01/07 12:36:23 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2009.lnk
[2012/01/07 12:36:23 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/07 12:36:23 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Windows Media Center.lnk
[2012/01/07 12:36:23 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/07 12:36:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Delivery Manager.lnk
[2012/01/07 12:36:23 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\StreetSmart Pro Readme.lnk
[2012/01/07 12:36:23 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/07 12:36:23 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2012/01/07 12:36:23 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\StreetSmart Pro.lnk
[2012/01/07 12:36:22 | 000,000,945 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 12:36:22 | 000,000,940 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/07 12:36:22 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/07 12:36:22 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/07 11:11:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 20:53:27 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/01/06 20:53:27 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/01/06 20:53:26 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/01/05 21:07:41 | 000,002,034 | ---- | C] () -- C:\Users\user\Desktop\QuickBooks Pro 2009.lnk
[2011/11/26 10:29:10 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/02/02 13:45:05 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/02 13:34:40 | 000,077,350 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/10/20 12:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 12:44:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/27 05:42:13 | 000,170,160 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/11/19 11:29:09 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/10/08 12:27:04 | 000,008,364 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2008/09/26 15:40:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/26 14:33:16 | 000,179,964 | ---- | C] () -- C:\Windows\hpwins14.dat
[2008/09/26 13:24:55 | 000,012,998 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2008/09/26 13:09:29 | 000,020,480 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 10:50:29 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/17 10:46:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/17 10:43:41 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/17 10:43:41 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/16 08:12:18 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,327,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2009/01/16 09:22:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\7Wonders
[2008/09/26 12:21:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\C&S Publishing
[2010/07/29 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/09 09:21:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\funkitron
[2012/01/06 20:53:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2009/08/03 09:04:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Magic Academy
[2009/01/16 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2008/10/21 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Snapfish
[2008/10/08 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2011/01/15 08:31:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vu360
[2008/09/17 15:47:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/12 19:39:25 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/14 08:29:11 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5A1AD0B9-C638-4788-A68E-6DACE4AF03E2}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/09/02 12:31:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/04/17 10:59:37 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/04/17 11:35:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/12 19:12:20 | 000,012,425 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/12 20:47:34 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/30 09:17:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/30 09:17:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/12 20:47:32 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys
[2012/01/07 11:01:14 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2012/01/05 20:52:14 | 000,073,502 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_20.51.21_log.txt
[2012/01/06 21:32:27 | 000,075,554 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_21.31.52_log.txt
[2012/01/07 11:01:57 | 000,076,180 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_07.01.2012_11.01.39_log.txt
[2009/07/27 06:46:12 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/18 06:08:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2011/12/20 17:16:46 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMIproc.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/14 08:09:06 | 000,000,286 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/01/10 21:56:02 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\user\Desktop\boot_cleaner.exe
[2012/01/12 17:40:30 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/10 16:50:10 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\x2cxlfql.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/08/28 10:13:42 | 000,000,402 | -HS- | M] () -- C:\Users\user\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/02/02 13:46:05 | 000,003,608 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >