my computer is either infected or has a really bad attitude problem

  1. #1

    I was sent from the Windows 7 area. I thought I had resolved my infection but the problems persist. Logs are included. I followed the instructions from the sticky to the best of my ability but I fail GMER. Tried several scans but all said nothing was found and the rootkit/malware tab is blank. I saved it anyway and obviously got a gmer.log file that is completely blank. I can't work out if I'm doing something wrong or if a clean scan results in no log (which would be nice to know if it's the case).


    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8235

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    25-Nov-11 9:21:57 AM
    mbam-log-2011-11-25 (09-21-57).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 317747
    Time elapsed: 38 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    *******************************************************************

    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by HoloKost at 10:58:20 on 2011-11-25
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2197 [GMT 11:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\mqsvc.exe
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ThreatFire\TFTray.exe
    C:\Program Files (x86)\ThreatFire\TFService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\PROGRA~1\MICROS~2\msseces.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRunOnce: [GrpConv] grpconv -o
    uPolicies-explorer: DisallowRun = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    TCP: Interfaces\{CCEBAB7E-665E-4E12-AD42-B53D4FB9ED2A} : DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    TCP: Interfaces\{F3715CB5-FF56-4A8A-BBE9-9BEAE279BAB3} : NameServer = 123.200.191.17 123.200.191.18
    BHO-X64: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - No File
    BHO-X64: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB-X64: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    mRunOnce-x64: [GrpConv] grpconv -o
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
    R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-19 1153368]
    R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-28 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-2 2214504]
    R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
    R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
    RUnknown 0783157drv;0783157drv; [x]
    RUnknown 86309692;86309692; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S3 Cepstral License Server;Cepstral License Server;C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-27 366152]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\nmwcdcx64.sys --> C:\Windows\system32\drivers\nmwcdcx64.sys [?]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\nmwcdx64.sys --> C:\Windows\system32\drivers\nmwcdx64.sys [?]
    S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;C:\Windows\system32\drivers\psabusbm.sys --> C:\Windows\system32\drivers\psabusbm.sys [?]
    S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;C:\Windows\system32\Drivers\psabusbu.sys --> C:\Windows\system32\Drivers\psabusbu.sys [?]
    S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;C:\Windows\system32\drivers\psabusba.sys --> C:\Windows\system32\drivers\psabusba.sys [?]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-24 23:34:52 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F57590F-8032-4F06-A0D0-236E6D117ED2}\offreg.dll
    2011-11-24 23:34:49 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F57590F-8032-4F06-A0D0-236E6D117ED2}\mpengine.dll
    2011-11-24 03:59:51 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\QuickScan
    2011-11-23 21:54:59 388096 ----a-r- C:\Users\HoloKost\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-23 19:20:57 24984 ----a-w- C:\Windows\SysWow64\drivers\BC.sys
    2011-11-22 03:45:29 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\LockHunter
    2011-11-22 03:43:01 -------- d-----w- C:\Program Files\LockHunter
    2011-11-20 16:30:58 3584 ----a-r- C:\Users\HoloKost\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2011-11-20 16:30:58 -------- d-----w- C:\Program Files (x86)\Windows Installer Clean Up
    2011-11-20 16:30:23 -------- d-----w- C:\Program Files (x86)\MSECACHE
    2011-11-19 04:13:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-19 04:13:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-18 22:15:36 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
    2011-11-18 22:04:31 290304 ----a-w- C:\subinacl.exe
    2011-11-18 19:38:36 -------- d-----w- C:\Program Files (x86)\Tweaking.com
    2011-11-18 03:58:05 -------- d-----w- C:\ProgramData\Safe
    2011-11-17 20:26:34 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-11-17 05:07:34 184797 ----a-w- C:\Windows\System32\reg.dll.bat
    2011-11-17 05:04:15 0 ----a-w- C:\Windows\System32\regdll.bat
    2011-11-16 14:14:54 -------- d-----w- C:\SafeRecycle
    2011-11-16 14:02:41 -------- d-----w- C:\Users\HoloKost\AppData\Local\KSafe
    2011-11-16 14:00:36 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\kingsoft
    2011-11-16 13:52:14 -------- d-----w- C:\KRSHistory
    2011-11-16 13:50:06 -------- d-sh--w- C:\ProgramData\KRSHistory
    2011-11-16 13:49:41 -------- d-----w- C:\ProgramData\kingsoft
    2011-11-16 13:30:05 -------- d-----w- C:\Program Files (x86)\Kingsoft
    2011-11-15 22:09:28 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\DriverCure
    2011-11-15 22:09:27 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\SpeedyPC Software
    2011-11-15 20:11:29 2441403 ----a-w- C:\regdll.bat
    2011-11-15 14:52:00 -------- d-----w- C:\Program Files (x86)\Ss-Tools
    2011-11-14 01:23:30 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
    2011-11-14 01:23:30 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-11-14 01:23:29 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-11-14 01:23:29 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-11-14 01:23:25 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2011-11-13 17:43:09 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\ID3 renamer
    2011-11-09 11:00:26 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 11:00:26 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 11:00:26 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 11:00:25 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 14:31:47 -------- d-----w- C:\Program Files (x86)\Audacity
    2011-11-07 06:46:54 -------- d-----w- C:\Users\HoloKost\AppData\Roaming\pdfforge
    2011-11-07 06:46:47 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
    2011-11-07 06:46:47 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
    2011-11-07 06:46:45 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
    2011-11-07 06:46:45 -------- d-----w- C:\Program Files (x86)\PDFCreator
    .
    ==================== Find3M ====================
    .
    2011-10-16 13:38:16 23035392 ----a-w- C:\Program Files (x86)\NaturalReader95.msi
    2011-10-13 20:38:06 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2011-10-02 18:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-16 15:00:30 34944 ----a-w- C:\Windows\System32\drivers\SAlpham64.sys
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 11:00:37.08 ===============
    *******************************************************************

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27-Mar-11 2:08:59 AM
    System Uptime: 24-Nov-11 8:37:56 AM (27 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-ES2L
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 118 GiB total, 54.017 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 1863 GiB total, 908.28 GiB free.
    H: is FIXED (NTFS) - 115 GiB total, 70.767 GiB free.
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP189: 24-Nov-11 8:54:38 AM - Installed HiJackThis
    RP190: 25-Nov-11 8:46:14 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    AAA Logo Business Edition 3.10
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Any Video Converter 3.2.7
    AoA Audio Extractor
    Audacity 1.3.13 (Unicode)
    AVS Cover Editor 2.0.1.3
    Bigasoft MKV Converter 2.5.7.3987
    BurnAware Free 3.3.1
    CCleaner (remove only)
    Cepstral Amy 4.2.0
    Cepstral Callie 4.2.0
    Cepstral Damien 4.2.0
    Cepstral David 4.2.0
    Cepstral Duchess 4.2.0
    Cepstral Isabelle 4.2.0
    Cepstral Katrin 4.2.0
    Cepstral Marta 4.2.0
    Cepstral Matthias 4.2.0
    Cepstral Robin 4.2.0
    Champions Online
    Curse Client
    DivX Setup
    Dramatica Pro 4.0
    Final Draft 6
    Final Draft v6.0.2.5 Update
    Free RAR Extract Frog
    Glary Utilities 2.39.0.1310
    Google Chrome
    Heather
    HiJackThis
    IK Multimedia Authorization Manager version 1.02
    Infovox Desktop 2.2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    K-Lite Mega Codec Pack 7.9.0
    LADSPA_plugins-win-0.4.15
    LAME v3.98.3 for Audacity
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MediaFeed
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ Run Time Lib Setup
    MiniTool Partition Wizard Home Edition 5.2
    MixMeister Fusion 7.4.4
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NaturalReader95
    newnovelist
    NextUp-Acapela Elan Graham22 UK English Voice
    NextUp-Acapela Elan Lucy22 UK English Voice
    NextUp.com-NeoSpeech Japanese Miyu16 Voice
    NVIDIA PhysX
    PDFCreator
    Peter
    Rachel
    Realtek High Definition Audio Driver
    SampleTank FREE
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Soundplant 39
    Spybot - Search & Destroy
    Ss Registry Fixer 2.0
    ThreatFire
    Torrent Episode Downloader
    Tweaking.com - Windows Repair (All in One)
    TweakNow PowerPack 2011
    TweakNow PowerPack 2011 SP3a
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    vanBasco's Karaoke Player
    Ventrilo Client
    Virgin Mobile
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.10
    VT-Show-M16-SAPI5
    Windows Installer Clean Up
    Wondershare DVD Slideshow Builder Deluxe(Build 6.1.0.41)
    World of Warcraft
    YouTube Downloader 3.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24-Nov-11 8:39:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    24-Nov-11 8:38:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BC
    24-Nov-11 8:38:44 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
    24-Nov-11 8:18:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BC spldr
    24-Nov-11 8:18:01 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified.
    24-Nov-11 8:17:54 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    24-Nov-11 8:17:39 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    24-Nov-11 7:14:30 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    24-Nov-11 5:44:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
    24-Nov-11 5:42:49 AM, Error: Ntfs [137] - The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.
    24-Nov-11 5:33:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
    24-Nov-11 5:33:07 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147418113.
    24-Nov-11 5:32:26 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    24-Nov-11 5:31:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    24-Nov-11 5:31:26 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    24-Nov-11 5:30:57 AM, Error: Service Control Manager [7023] - The KSafe service service terminated with the following error: %%-2147221163
    24-Nov-11 5:25:29 AM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.
    23-Nov-11 3:38:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23-Nov-11 3:35:39 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    23-Nov-11 1225 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 1225 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    23-Nov-11 12:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    23-Nov-11 12:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    23-Nov-11 12:25:58 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23-Nov-11 1:46:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23-Nov-11 1:43:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    23-Nov-11 1:43:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    23-Nov-11 1:43:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    23-Nov-11 1:43:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    23-Nov-11 1:43:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    23-Nov-11 1:43:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    23-Nov-11 1:43:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    23-Nov-11 1:43:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21-Nov-11 5:22:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    21-Nov-11 3:58:55 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    21-Nov-11 3:43:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    20-Nov-11 8:09:01 PM, Error: volsnap [36] - The shadow copies of volume G: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    19-Nov-11 9:22:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    19-Nov-11 9:14:06 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    19-Nov-11 7:04:13 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    19-Nov-11 2:35:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    18-Nov-11 6:38:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    18-Nov-11 6:13:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2022.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee2 Error description: The operation timed out
    18-Nov-11 6:05:08 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
    18-Nov-11 5:59:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    18-Nov-11 2:36:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    18-Nov-11 2:35:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    18-Nov-11 12:55:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
    I was just about to wipe the system drive and reformat, so if I can save the OS without doing that I'd be thrilled. Thank you in advance for any help sorting this mess out.

  2. #2
    Sorry, I totally forgot to post one of the logs.
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-25 10:39:53
    -----------------------------
    10:39:53.383 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:39:53.383 Number of processors: 2 586 0xF0D
    10:39:53.383 ComputerName: ERRORUNIT UserName: HoloKost
    10:40:03.445 Initialize success
    10:40:57.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    10:40:57.109 Disk 0 Vendor: ST3250310AS 4.AAA Size: 238475MB BusType: 3
    10:40:57.109 Disk 0 MBR read successfully
    10:40:57.109 Disk 0 MBR scan
    10:40:57.125 Disk 0 Windows 7 default MBR code
    10:40:57.125 Service scanning
    10:40:58.482 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    10:41:00.604 Modules scanning
    10:41:00.604 Disk 0 trace - called modules:
    10:41:00.604 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:41:00.619 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a846f0]
    10:41:00.619 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa80048d5860]
    10:41:00.619 5 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004906060]
    10:41:00.619 Scan finished successfully
    10:41:49.167 Disk 0 MBR has been saved successfully to "C:\Users\HoloKost\Desktop\MBR.dat"
    10:41:49.167 The log file has been saved successfully to "C:\Users\HoloKost\Desktop\aswMBR.txt"

  3. #3
    broni, Senior Member
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ==============================================================

    You're not saying what the computer issues are.

  4. #4
    My apologies. I didn't realise that mattered for a malware hunt.
    Originally there were so many problems but I got rid of most of them. It's just the ones that were originally present are still there. I can't uninstall some programs and get a "can't create temporary files access is denied" error message. I have tried using 3rd party uninstallers like glarys and ccleaner but same result for all of them. I also have limited control over Threatfire. It updates itself and gives me warnings but the GUI is basically unusable. The image doesn't display on it and the buttons do not respond to clicking. I can only close the window by right clicking close from the task bar.
    A couple of programs won't even begin as the system can't find the path specified, although it recognises the installation and I can see no errors in the path.
    Windows Defender can't be updated or started. (I don't really use it so it's not a concern but the fact I can't indicates a problem.)
    MSE was unable to open unless I used the context menu entry to scan an individual file and then used the results window to navigate to the main window. This problem seems to be ok now but last time I looked I was still getting contradictory entries in event viewer. It may actually only appear to be working.
    My MMC snapins all failed with one or two exceptions, though it was event viewer, troubleshooting and the other useful diagnostic tools that were failing. These are up and running again but who knows how long for.
    I'm experiencing connectivity issues relating to DNS but they could just be router or config related. And I experience a lot of pop ups almost always for online casinos and the occasional dating site. I use chrome exclusively for my browser.
    When trying to use backup Windows couldn't find the images I'd saved onto an external drive. All other files on the drive were still accessible. And system restore would not respond to starting and only displays one point sometimes two and though restore points were being created they were not showing up. I did manage to finally get it to restore after running the Kaspersky Virus removal tool which discovered a rootkit and that got me to this point but if I'm still infected then it's probably going to fail again. I thought it was ok but then I got referred to here. Unfortunately I don't recall which virus I had and never found a logfile from the scan I ran.
    I think that covers all the current issues.
    Thank you
    Last edited by raepwarenfxion; 26-11-2011 at 09:16 AM.

  5. #5
    broni, Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  6. #6
    Hopefully I read your instructions correctly. Here is the combofix log.


    ComboFix 11-11-26.04 - HoloKost 27-Nov-11 15:05:26.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2897 [GMT 11:00]
    Running from: c:\users\HoloKost\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Safe
    c:\programdata\Safe\zsinfo.dat
    c:\windows\SysWow64\msvcsv60.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-27 05:00 . 2011-11-27 05:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F7885E6-7AC2-495C-898D-844B46AC27E1}\offreg.dll
    2011-11-27 04:59 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F7885E6-7AC2-495C-898D-844B46AC27E1}\mpengine.dll
    2011-11-25 19:58 . 2011-11-25 20:06 -------- d-----w- c:\program files\ABR Viewer
    2011-11-24 03:59 . 2011-11-24 03:59 -------- d-----w- c:\users\HoloKost\AppData\Roaming\QuickScan
    2011-11-23 21:54 . 2011-11-23 21:55 388096 ----a-r- c:\users\HoloKost\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-23 19:20 . 2011-10-20 16:11 24984 ----a-w- c:\windows\SysWow64\drivers\BC.sys
    2011-11-22 03:45 . 2011-11-22 03:45 -------- d-----w- c:\users\HoloKost\AppData\Roaming\LockHunter
    2011-11-22 03:43 . 2011-11-23 18:38 -------- d-----w- c:\program files\LockHunter
    2011-11-20 16:30 . 2011-11-23 18:38 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
    2011-11-20 16:30 . 2011-11-20 16:30 3584 ----a-r- c:\users\HoloKost\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2011-11-20 16:30 . 2011-11-23 18:38 -------- d-----w- c:\program files (x86)\MSECACHE
    2011-11-19 16:14 . 2011-11-19 16:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-11-19 04:13 . 2011-11-24 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-19 04:13 . 2011-11-23 18:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-18 22:15 . 2011-11-23 21:09 -------- d-----w- c:\windows\SysWow64\wbem\Performance
    2011-11-18 22:04 . 2004-06-11 21:33 290304 ----a-w- C:\subinacl.exe
    2011-11-18 19:59 . 2011-11-23 21:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2011-11-18 19:38 . 2011-11-18 19:38 -------- d-----w- c:\program files (x86)\Tweaking.com
    2011-11-17 20:26 . 2011-11-17 20:26 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-17 05:07 . 2011-11-17 05:07 184797 ----a-w- c:\windows\system32\reg.dll.bat
    2011-11-17 05:04 . 2011-11-17 05:04 0 ----a-w- c:\windows\system32\regdll.bat
    2011-11-16 14:14 . 2011-11-16 14:14 -------- d-----w- C:\SafeRecycle
    2011-11-16 14:02 . 2011-11-16 14:02 -------- d-----w- c:\users\HoloKost\AppData\Local\KSafe
    2011-11-16 14:00 . 2011-11-16 14:00 -------- d-----w- c:\users\HoloKost\AppData\Roaming\kingsoft
    2011-11-16 13:52 . 2011-11-16 13:52 -------- d-----w- C:\KRSHistory
    2011-11-16 13:50 . 2011-11-16 13:53 -------- d-sh--w- c:\programdata\KRSHistory
    2011-11-16 13:49 . 2011-11-23 18:34 -------- d-----w- c:\programdata\kingsoft
    2011-11-16 13:30 . 2011-11-16 13:30 -------- d-----w- c:\program files (x86)\Kingsoft
    2011-11-15 22:09 . 2011-11-15 22:09 -------- d-----w- c:\users\HoloKost\AppData\Roaming\DriverCure
    2011-11-15 22:09 . 2011-11-15 22:09 -------- d-----w- c:\users\HoloKost\AppData\Roaming\SpeedyPC Software
    2011-11-15 20:11 . 2011-11-15 20:12 2441403 ----a-w- C:\regdll.bat
    2011-11-15 14:52 . 2011-11-15 14:52 -------- d-----w- c:\program files (x86)\Ss-Tools
    2011-11-14 01:23 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2011-11-14 01:23 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
    2011-11-14 01:23 . 2011-10-28 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-11-14 01:23 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-11-14 01:23 . 2011-11-14 01:24 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
    2011-11-14 01:06 . 2011-11-14 01:06 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-11-13 17:43 . 2011-11-13 17:43 -------- d-----w- c:\users\HoloKost\AppData\Roaming\ID3 renamer
    2011-11-09 11:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 11:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 11:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 11:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:31 . 2011-11-08 14:31 -------- d-----w- c:\program files (x86)\Audacity
    2011-11-07 06:46 . 2011-11-07 06:46 -------- d-----w- c:\users\HoloKost\AppData\Roaming\pdfforge
    2011-11-07 06:46 . 2005-03-11 14:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2011-11-07 06:46 . 1998-06-23 14:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
    2011-11-07 06:46 . 2011-11-07 06:47 -------- d-----w- c:\program files (x86)\PDFCreator
    2011-11-07 06:46 . 1998-07-05 14:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-27 04:19 . 2011-10-25 07:13 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2011-10-16 13:38 . 2011-10-16 13:38 23035392 ----a-w- c:\program files (x86)\NaturalReader95.msi
    2011-10-11 09:51 . 2011-10-11 09:52 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A6D8A0-EB17-480E-9354-2B26ABFC4EF9}\gapaengine.dll
    2011-10-07 04:16 . 2011-08-25 06:26 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-02 18:06 . 2011-04-25 16:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-16 15:00 . 2011-09-16 15:00 34944 ----a-w- c:\windows\system32\drivers\SAlpham64.sys
    2011-09-01 05:24 . 2011-10-12 10:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-12 10:17 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-12 10:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-12 10:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-12 10:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-12 10:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-01 00:00 . 2011-03-27 02:08 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux6"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Cepstral License Server;Cepstral License Server;c:\program files (x86)\Cepstral\bin\CepstralLicSrv.exe [2007-03-15 57344]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 ksfmonsys;ksfmonsys;c:\program files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
    R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [x]
    R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [x]
    R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [x]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-27 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-27 02:08]
    .
    2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3549127051-2663782950-2037687458-1000Core.job
    - c:\users\HoloKost\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 10:26]
    .
    2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3549127051-2663782950-2037687458-1000UA.job
    - c:\users\HoloKost\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 10:26]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    TCP: Interfaces\{F3715CB5-FF56-4A8A-BBE9-9BEAE279BAB3}: NameServer = 123.200.191.17 123.200.191.18
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
    "AlternateImagePath"=""
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ThreatFire\TFService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-27 16:38:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-27 05:38
    .
    Pre-Run: 56,601,006,080 bytes free
    Post-Run: 62,179,454,976 bytes free
    .
    - - End Of File - - C1601D3A9A7F1ADBC82AD51CE13DEC65

  7. #7
    broni, Senior Member
    Looks good now....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  8. #8
    OTL logfile created on: 28-Nov-11 4:18:57 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HoloKost\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    4.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 52.52% Memory free
    9.86 Gb Paging File | 7.81 Gb Available in Paging File | 79.27% Paging File free
    Paging file location(s): c:\pagefile.sys 6000 6200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.00 Gb Total Space | 55.92 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
    Drive F: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 936.26 Gb Free Space | 50.26% Space Free | Partition Type: NTFS
    Drive H: | 114.79 Gb Total Space | 70.77 Gb Free Space | 61.65% Space Free | Partition Type: NTFS

    Computer Name: ERRORUNIT | User Name: HoloKost | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-11-28 04:15:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HoloKost\Desktop\OTL.exe
    PRC - [2011-10-03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    PRC - [2011-03-30 18:55:52 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2011-02-23 07:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
    PRC - [2011-02-23 07:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
    PRC - [2010-11-20 23:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-11-15 16:39:54 | 000,420,920 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
    MOD - [2011-11-15 16:39:53 | 003,702,840 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    MOD - [2011-11-15 16:38:16 | 000,122,952 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
    MOD - [2011-11-15 16:38:15 | 000,222,280 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
    MOD - [2011-11-15 16:38:14 | 001,746,504 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
    MOD - [2011-11-15 13:36:18 | 008,593,056 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011-04-28 1118 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011-04-28 1118 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010-11-21 00:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
    SRV:64bit: - [2009-07-14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009-07-14 12:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
    SRV:64bit: - [2009-07-14 12:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV - [2011-09-01 11:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011-05-22 00:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011-02-23 07:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2010-11-20 23:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010-11-20 23:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010-11-20 23:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010-11-20 23:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
    SRV - [2010-03-19 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-07-14 12:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
    SRV - [2009-06-11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007-03-15 13:54:48 | 000,057,344 | ---- | M] (Cepstral, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe -- (Cepstral License Server)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011-09-17 02:00:30 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
    DRV:64bit: - [2011-09-01 11:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011-08-24 21:20:32 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
    DRV:64bit: - [2011-04-28 09:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011-04-12 01:46:55 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2011-04-12 01:46:55 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2011-03-11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-02-23 07:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
    DRV:64bit: - [2011-02-23 07:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
    DRV:64bit: - [2011-02-23 07:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - [2010-12-02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2010-12-02 10:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2010-11-21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 22:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-09-08 07:08:56 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010-08-17 09:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2010-08-17 09:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2009-12-05 02:26:56 | 000,462,968 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
    DRV:64bit: - [2009-12-05 02:26:56 | 000,050,808 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
    DRV:64bit: - [2009-12-05 02:26:56 | 000,037,496 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
    DRV:64bit: - [2009-10-22 11:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2009-09-11 09:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009-07-23 14:03:10 | 000,052,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009-07-14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 11:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009-06-11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-02 17:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2007-07-24 01:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
    DRV:64bit: - [2007-06-29 05:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
    DRV:64bit: - [2007-06-29 05:46:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64)
    DRV:64bit: - [2007-03-21 03:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
    DRV:64bit: - [2006-09-20 08:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011-10-21 03:11:18 | 000,024,984 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\system32\Drivers\BC.sys -- (BC)
    DRV - [2009-07-14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Latest news, Sport, Music, Movies, Money and Cars from MSN UK
    IE - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A F4 A2 FC 55 FB CB 01 [binary data]
    IE - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HoloKost\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HoloKost\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HoloKost\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\HoloKost\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011-11-27 16:32:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O4 - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
    O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
    O7 - HKU\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Policies\Microsoft\Internet Explorer\control panel present
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCEBAB7E-665E-4E12-AD42-B53D4FB9ED2A}: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3715CB5-FF56-4A8A-BBE9-9BEAE279BAB3}: NameServer = 123.200.191.17 123.200.191.18
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-11-28 04:15:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HoloKost\Desktop\OTL.exe
    [2011-11-27 17:42:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011-11-27 16:38:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011-11-27 15:03:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011-11-27 15:03:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011-11-27 15:03:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011-11-27 15:02:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-11-27 14:58:30 | 004,309,325 | R--- | C] (Swearware) -- C:\Users\HoloKost\Desktop\ComboFix.exe
    [2011-11-26 06:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\ABR Viewer
    [2011-11-26 00:29:54 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\Documents\Paint.NET User Files
    [2011-11-25 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\Documents\ted
    [2011-11-25 10:43:47 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\HoloKost\Desktop\dds.pif
    [2011-11-24 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\QuickScan
    [2011-11-24 12:59:28 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\Documents\Any Video Converter
    [2011-11-24 08:55:00 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011-11-24 06:20:57 | 000,024,984 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\BC.sys
    [2011-11-22 14:45:29 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\LockHunter
    [2011-11-22 14:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
    [2011-11-22 14:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
    [2011-11-21 03:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
    [2011-11-21 03:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
    [2011-11-20 03:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011-11-20 03:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011-11-19 15:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011-11-19 15:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011-11-19 09:19:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011-11-19 06:59:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2011-11-19 06:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2011-11-19 06:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
    [2011-11-18 14:15:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-11-18 07:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011-11-17 01:14:54 | 000,000,000 | ---D | C] -- C:\SafeRecycle
    [2011-11-17 01:02:41 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Local\KSafe
    [2011-11-17 01:00:36 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\kingsoft
    [2011-11-17 00:52:14 | 000,000,000 | ---D | C] -- C:\KRSHistory
    [2011-11-17 00:50:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\KRSHistory
    [2011-11-17 00:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
    [2011-11-17 00:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
    [2011-11-16 09:09:28 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\DriverCure
    [2011-11-16 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\SpeedyPC Software
    [2011-11-16 01:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ss-Tools
    [2011-11-16 01:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ss-Tools
    [2011-11-14 12:23:30 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
    [2011-11-14 12:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
    [2011-11-14 12:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011-11-14 04:43:09 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\ID3 renamer
    [2011-11-09 22:17:24 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
    [2011-11-09 01:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
    [2011-11-07 17:46:54 | 000,000,000 | ---D | C] -- C:\Users\HoloKost\AppData\Roaming\pdfforge
    [2011-11-07 17:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator

    ========== Files - Modified Within 30 Days ==========

    [2011-11-28 04:15:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HoloKost\Desktop\OTL.exe
    [2011-11-28 03:57:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549127051-2663782950-2037687458-1000UA.job
    [2011-11-28 01:20:46 | 000,860,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011-11-28 01:20:46 | 000,719,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011-11-28 01:20:46 | 000,141,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011-11-27 17:43:19 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011-11-27 17:15:03 | 000,017,136 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-11-27 17:15:03 | 000,017,136 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-11-27 17:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-11-27 17:09:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011-11-27 16:59:00 | 001,008,114 | ---- | M] () -- C:\Users\HoloKost\Desktop\rkill.com
    [2011-11-27 16:32:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011-11-27 14:59:30 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\HoloKost\Desktop\ComboFix.exe
    [2011-11-26 22:23:39 | 000,096,710 | ---- | M] () -- C:\Users\HoloKost\Documents\RivetzvsRaverz2complete.mmp
    [2011-11-26 08:57:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549127051-2663782950-2037687458-1000Core.job
    [2011-11-26 05:31:24 | 000,001,658 | ---- | M] () -- C:\Users\HoloKost\Desktop\SampleTank2x.hostSettings
    [2011-11-26 05:30:55 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
    [2011-11-26 05:30:55 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
    [2011-11-25 18:31:54 | 000,001,308 | ---- | M] () -- C:\Users\HoloKost\Desktop\PaintDotNet.lnk
    [2011-11-25 10:43:50 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\HoloKost\Desktop\dds.pif
    [2011-11-25 10:41:49 | 000,000,512 | ---- | M] () -- C:\Users\HoloKost\Desktop\MBR.dat
    [2011-11-25 08:40:26 | 000,302,592 | ---- | M] () -- C:\Users\HoloKost\Desktop\lwk36sje.exe
    [2011-11-24 09:19:23 | 000,848,046 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\census.cache
    [2011-11-24 09:19:05 | 000,111,808 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\ars.cache
    [2011-11-24 0853 | 000,000,036 | ---- | M] () -- C:\Users\HoloKost\AppData\Local\housecall.guid.cache
    [2011-11-24 08:55:00 | 000,002,991 | ---- | M] () -- C:\Users\HoloKost\Desktop\HiJackThis.lnk
    [2011-11-24 08:17:21 | 000,582,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011-11-24 08:16:26 | 000,000,012 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
    [2011-11-24 08:15:59 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2011-11-24 08:09:15 | 000,860,280 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-11-24 07:42:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011-11-20 01:33:41 | 001,860,225 | ---- | M] () -- C:\Users\HoloKost\Desktop\aggrohoodyfinal.pdn
    [2011-11-20 01:26:38 | 002,369,600 | ---- | M] () -- C:\Users\HoloKost\Desktop\aggrohoodie.jpg
    [2011-11-20 01:22:38 | 001,319,852 | ---- | M] () -- C:\Users\HoloKost\Desktop\aggrohood.jpg
    [2011-11-19 16:37:02 | 000,438,733 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111119-170956.backup
    [2011-11-19 15:13:27 | 000,001,262 | ---- | M] () -- C:\Users\HoloKost\Desktop\Spybot - Search & Destroy.lnk
    [2011-11-19 09:17:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111119-163702.backup
    [2011-11-19 06:38:38 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2011-11-17 16:07:36 | 000,184,797 | ---- | M] () -- C:\Windows\SysNative\reg.dll.bat
    [2011-11-17 16:04:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regdll.bat
    [2011-11-16 13:43:54 | 000,000,884 | ---- | M] () -- C:\Users\HoloKost\AppData\Roaming\burnaware.ini
    [2011-11-16 08:26:34 | 000,001,070 | ---- | M] () -- C:\Users\HoloKost\Desktop\Glary Utilities.lnk
    [2011-11-16 07:12:32 | 002,441,403 | ---- | M] () -- C:\regdll.bat
    [2011-11-16 01:52:03 | 000,001,120 | ---- | M] () -- C:\Users\HoloKost\Desktop\Registry Fixer.lnk
    [2011-11-15 01:23:03 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2011.lnk
    [2011-11-14 23:36:07 | 000,000,192 | ---- | M] () -- C:\Users\HoloKost\Documents\cc_20111114_233553.reg
    [2011-11-14 21:50:06 | 000,002,546 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011-11-14 11:15:19 | 000,000,753 | ---- | M] () -- C:\Users\HoloKost\Desktop\Left4Dead2 2011.lnk
    [2011-11-14 03:22:55 | 000,015,704 | ---- | M] () -- C:\Users\HoloKost\Documents\cc_20111114_032250.reg
    [2011-11-09 22:17:24 | 000,000,312 | ---- | M] () -- C:\Users\HoloKost\Desktop\Curse Client.appref-ms
    [2011-11-07 18:32:21 | 000,003,752 | ---- | M] () -- C:\Users\HoloKost\Documents\cc_20111107_183152.reg
    [2011-11-07 17:46:55 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk

    ========== Files Created - No Company Name ==========

    [2011-11-27 16:58:47 | 001,008,114 | ---- | C] () -- C:\Users\HoloKost\Desktop\rkill.com
    [2011-11-27 15:03:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011-11-27 15:03:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011-11-27 15:03:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011-11-27 15:03:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011-11-27 15:03:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011-11-26 05:31:24 | 000,001,658 | ---- | C] () -- C:\Users\HoloKost\Desktop\SampleTank2x.hostSettings
    [2011-11-25 18:31:54 | 000,001,308 | ---- | C] () -- C:\Users\HoloKost\Desktop\PaintDotNet.lnk
    [2011-11-25 10:41:49 | 000,000,512 | ---- | C] () -- C:\Users\HoloKost\Desktop\MBR.dat
    [2011-11-25 08:40:21 | 000,302,592 | ---- | C] () -- C:\Users\HoloKost\Desktop\lwk36sje.exe
    [2011-11-25 05:04:13 | 000,096,710 | ---- | C] () -- C:\Users\HoloKost\Documents\RivetzvsRaverz2complete.mmp
    [2011-11-24 09:19:23 | 000,848,046 | ---- | C] () -- C:\Users\HoloKost\AppData\Local\census.cache
    [2011-11-24 09:19:05 | 000,111,808 | ---- | C] () -- C:\Users\HoloKost\AppData\Local\ars.cache
    [2011-11-24 0853 | 000,000,036 | ---- | C] () -- C:\Users\HoloKost\AppData\Local\housecall.guid.cache
    [2011-11-24 08:55:00 | 000,002,991 | ---- | C] () -- C:\Users\HoloKost\Desktop\HiJackThis.lnk
    [2011-11-21 03:30:58 | 000,002,869 | ---- | C] () -- C:\Users\HoloKost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
    [2011-11-20 01:26:36 | 002,369,600 | ---- | C] () -- C:\Users\HoloKost\Desktop\aggrohoodie.jpg
    [2011-11-20 01:22:36 | 001,319,852 | ---- | C] () -- C:\Users\HoloKost\Desktop\aggrohood.jpg
    [2011-11-19 15:13:27 | 000,001,262 | ---- | C] () -- C:\Users\HoloKost\Desktop\Spybot - Search & Destroy.lnk
    [2011-11-19 06:38:38 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2011-11-17 16:07:34 | 000,184,797 | ---- | C] () -- C:\Windows\SysNative\reg.dll.bat
    [2011-11-17 16:04:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regdll.bat
    [2011-11-16 07:11:29 | 002,441,403 | ---- | C] () -- C:\regdll.bat
    [2011-11-16 01:52:03 | 000,001,120 | ---- | C] () -- C:\Users\HoloKost\Desktop\Registry Fixer.lnk
    [2011-11-14 23:35:55 | 000,000,192 | ---- | C] () -- C:\Users\HoloKost\Documents\cc_20111114_233553.reg
    [2011-11-14 21:50:01 | 000,002,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011-11-14 12:23:29 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011-11-14 12:23:29 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011-11-14 03:22:52 | 000,015,704 | ---- | C] () -- C:\Users\HoloKost\Documents\cc_20111114_032250.reg
    [2011-11-09 22:17:24 | 000,000,312 | ---- | C] () -- C:\Users\HoloKost\Desktop\Curse Client.appref-ms
    [2011-11-07 18:31:57 | 000,003,752 | ---- | C] () -- C:\Users\HoloKost\Documents\cc_20111107_183152.reg
    [2011-11-07 17:46:55 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2011-11-07 17:46:47 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
    [2011-10-17 00:38:41 | 023,035,392 | ---- | C] () -- C:\Program Files (x86)\NaturalReader95.msi
    [2011-09-21 23:06:06 | 000,000,012 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
    [2011-09-16 04:41:40 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_processtamer_InstallInfo.dat
    [2011-09-16 04:41:40 | 000,000,046 | ---- | C] () -- C:\Users\HoloKost\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
    [2011-09-16 01:00:00 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
    [2011-08-30 17:15:00 | 000,000,519 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011-08-24 2101 | 000,000,779 | ---- | C] () -- C:\Users\HoloKost\AppData\Roaming\SMRBackup210.dat
    [2011-08-23 19:57:10 | 000,860,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-06-10 12:52:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011-05-09 13:24:18 | 000,000,040 | ---- | C] () -- C:\Users\HoloKost\AppData\Roaming\cdr.ini
    [2011-04-25 14:29:28 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2011-04-18 02:54:04 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
    [2011-04-16 04:27:29 | 000,001,454 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011-04-15 20:44:58 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011-04-13 21:17:04 | 000,000,884 | ---- | C] () -- C:\Users\HoloKost\AppData\Roaming\burnaware.ini
    [2011-03-28 13:02:40 | 000,007,644 | ---- | C] () -- C:\Users\HoloKost\AppData\Local\resmon.resmoncfg
    [2011-03-28 00:36:06 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009-07-14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009-07-14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009-07-14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009-05-12 13:44:02 | 000,000,587 | ---- | C] () -- C:\Windows\SysWow64\AcaTTS.ini
    [2007-11-09 13:53:34 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\AcaTtsSapi5.dll
    [2006-03-19 00:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2004-02-28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TrustSupport.dll
    [2003-08-07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

    ========== LOP Check ==========

    [2011-05-11 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\aggrotechnician\AppData\Roaming\uTorrent
    [2011-10-17 02:34:31 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Acapela Group
    [2011-08-17 03:46:05 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\AnvSoft
    [2011-11-24 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Audacity
    [2011-05-17 04:59:47 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\CustomBrushesMini
    [2011-09-16 04:41:40 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\DonationCoder
    [2011-08-23 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Downloaded Installations
    [2011-11-16 09:09:28 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\DriverCure
    [2011-09-14 1632 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Final Draft
    [2011-06-04 16:38:12 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\flactomp3
    [2011-03-28 00:17:55 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Foxit
    [2011-10-25 09:04:03 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\GlarySoft
    [2011-11-14 04:43:09 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\ID3 renamer
    [2011-04-18 02:57:47 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\IK Multimedia
    [2011-11-17 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\kingsoft
    [2011-11-22 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\LockHunter
    [2011-11-07 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\pdfforge
    [2011-07-07 02:37:13 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Philipp Winterberg
    [2011-11-24 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\QuickScan
    [2011-11-07 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Soundplant
    [2011-11-16 09:09:27 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\SpeedyPC Software
    [2011-04-09 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\Stegisoft
    [2011-09-14 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\SystemRequirementsLab
    [2011-11-28 04:16:45 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\TeraCopy
    [2011-11-23 00:33:19 | 000,000,000 | ---D | M] -- C:\Users\HoloKost\AppData\Roaming\TweakNow PowerPack 2011
    [2011-11-28 04:28:08 | 000,000,000 | R--D | M] -- C:\Users\HoloKost\AppData\Roaming\uTorrent
    [2011-11-27 17:43:19 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2011-11-19 07:03:56 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011-11-27 16:38:48 | 000,013,365 | ---- | M] () -- C:\ComboFix.txt
    [2011-11-27 17:09:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011-11-27 17:09:45 | 1996,488,703 | -HS- | M] () -- C:\pagefile.sys
    [2011-11-16 07:12:32 | 002,441,403 | ---- | M] () -- C:\regdll.bat
    [2011-11-27 17:48:06 | 000,000,739 | ---- | M] () -- C:\rkill.log
    [2004-06-12 08:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
    [2011-11-18 06:24:56 | 000,165,102 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_06.22.55_log.txt

    < %systemroot%\Fonts\*.com >
    [2009-07-14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009-07-14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009-07-14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-07-14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-06-11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009-07-14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011-10-17 00:38:16 | 023,035,392 | ---- | M] () -- C:\Program Files (x86)\NaturalReader95.msi

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-04-29 07:36:06 | 000,000,221 | -HS- | M] () -- C:\Users\HoloKost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011-04-12 08:38:22 | 000,731,000 | ---- | M] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\HoloKost\Desktop\autoruns.exe
    [2011-04-12 08:38:18 | 000,595,320 | ---- | M] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\HoloKost\Desktop\autorunsc.exe
    [2011-11-27 14:59:30 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\HoloKost\Desktop\ComboFix.exe
    [2011-11-25 08:40:26 | 000,302,592 | ---- | M] () -- C:\Users\HoloKost\Desktop\lwk36sje.exe
    [2011-11-28 04:15:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HoloKost\Desktop\OTL.exe
    [2010-09-30 06:45:56 | 000,552,960 | ---- | M] (IK Multimedia) -- C:\Users\HoloKost\Desktop\SampleTank 2.5.exe
    [2010-10-14 16:19:31 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Users\HoloKost\Desktop\utorrent.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011-03-30 07:18:03 | 047,024,358 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\HoloKost\My Documents\Vista_Win7_R258_x64.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009-06-11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011-10-27 01:22:54 | 000,000,402 | -HS- | M] () -- C:\Users\HoloKost\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011-11-14 21:50:06 | 000,002,546 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011-04-25 14:24:14 | 000,001,454 | ---- | M] () -- C:\ProgramData\ss.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-11-28 04:05:32 | 000,032,768 | -HS- | M] () -- C:\Users\HoloKost\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

    < End of report >

  9. #9
    OTL Extras logfile created on: 28-Nov-11 4:18:57 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HoloKost\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    4.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 52.52% Memory free
    9.86 Gb Paging File | 7.81 Gb Available in Paging File | 79.27% Paging File free
    Paging file location(s): c:\pagefile.sys 6000 6200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.00 Gb Total Space | 55.92 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
    Drive F: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 936.26 Gb Free Space | 50.26% Space Free | Partition Type: NTFS
    Drive H: | 114.79 Gb Total Space | 70.77 Gb Free Space | 61.65% Space Free | Partition Type: NTFS

    Computer Name: ERRORUNIT | User Name: HoloKost | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion" = 522
    "IPSecExempt" = 0
    "IPsecTunnelRemoteMachineAuthorizationList" = None
    "IPsecTunnelRemoteUserAuthorizationList" = None

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion" = 522
    "IPSecExempt" = 0
    "IPsecTunnelRemoteMachineAuthorizationList" = None
    "IPsecTunnelRemoteUserAuthorizationList" = None

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "USB_AUDIO_DEusb-audio.depresonusAudioBoxUSB" = AudioBox USB driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0B67AF59-EF3B-4501-AE24-AD1CA31630C2}" = Cepstral Katrin 4.2.0
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
    "{1C5811AB-B3BD-496E-B0DB-08A306679881}" = Cepstral Duchess 4.2.0
    "{1D87A9A8-62B0-486D-BA10-69A1F8963F43}" = NextUp-Acapela Elan Lucy22 UK English Voice
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20625720-424B-4E47-83C7-0A5F6BB02D88}_is1" = Soundplant 39
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{3448AF7B-0FA4-4013-A8FD-5ACD28C9DD04}" = Cepstral Marta 4.2.0
    "{385198CD-D735-498A-B8FF-470A11BF9087}" = Cepstral Callie 4.2.0
    "{3BED09AD-67DF-4D79-948D-5DBE950D5411}" = VT-Show-M16-SAPI5
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4C2FFF92-0B63-4D18-9690-ED310E3A604D}" = Rachel
    "{50D46632-BAB5-490B-808E-9BD71114E329}" = Cepstral Damien 4.2.0
    "{52C32940-C538-40CF-8DE9-B91090F49938}" = Infovox Desktop 2.2
    "{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
    "{67F7D625-2E32-481B-85E4-2D17F0E6778D}" = NaturalReader95
    "{6CD5EEFA-10D5-4D4E-93ED-233E08964CB6}" = Cepstral Amy 4.2.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B166B27-C968-4CF1-ABE6-9AFAB7014347}" = Peter
    "{823120C0-8BD4-4387-AFB7-58290F1A5ACD}" = Cepstral Isabelle 4.2.0
    "{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{9B20A26E-5233-474D-B83A-027D71D0DC32}" = NextUp-Acapela Elan Graham22 UK English Voice
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AE76D4C2-A1F0-4381-BB13-BE7EE3B05819}" = Heather
    "{AF3D4490-FE95-4A0F-9F6E-321A70C06493}" = Cepstral Matthias 4.2.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{cc568376-ddde-45f4-ac88-c39184455b8d}_is1" = Bigasoft MKV Converter 2.5.7.3987
    "{CC8B19D1-91D2-4D5B-B331-F885F432745E}" = Final Draft 6
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{DD9FD141-CDD6-4ADE-9C89-5ECEF4953448}" = NextUp.com-NeoSpeech Japanese Miyu16 Voice
    "{E794C2B6-CDF7-41BF-86B0-A2143E490E07}" = Cepstral David 4.2.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F359B3B0-6FA7-4B5F-ABAA-AC5C9A58BED4}" = Cepstral Robin 4.2.0
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
    "7-Zip" = 7-Zip 9.20
    "AAA Logo 3.10 Business_is1" = AAA Logo Business Edition 3.10
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
    "BurnAware Free_is1" = BurnAware Free 3.3.1
    "CCleaner" = CCleaner (remove only)
    "Champions Online" = Champions Online
    "DivX Setup.divx.com" = DivX Setup
    "Dramatica Pro 4.0" = Dramatica Pro 4.0
    "Final Draft v6.0.2.5 Update" = Final Draft v6.0.2.5 Update
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Glary Utilities_is1" = Glary Utilities 2.39.0.1310
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.9.0
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MediaFeed" = MediaFeed
    "mmfsetup_is1" = MixMeister Fusion 7.4.4
    "newnovelist" = newnovelist
    "Ss Registry Fixer_is1" = Ss Registry Fixer 2.0
    "Torrent Episode Downloader 0.972" = Torrent Episode Downloader
    "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
    "TweakNow PowerPack 2011 SP3b_is1" = TweakNow PowerPack 2011 SP3a
    "TweakNow PowerPack 2011_is1" = TweakNow PowerPack 2011
    "uTorrent" = µTorrent
    "Virgin Mobile" = Virgin Mobile
    "VLC media player" = VLC media player 1.1.10
    "VMidi" = vanBasco's Karaoke Player
    "Wondershare DVD Slideshow Builder Deluxe_is1" = Wondershare DVD Slideshow Builder Deluxe(Build 6.1.0.41)
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3549127051-2663782950-2037687458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 24-Nov-11 10:35:41 AM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 24-Nov-11 10:38:10 AM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 24-Nov-11 5:46:18 PM | Computer Name = ErrorUnit | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary 0783157drv. System Error: The system cannot find the file specified. .

    Error - 24-Nov-11 5:46:18 PM | Computer Name = ErrorUnit | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary 86309692. System Error: The system cannot find the file specified. .

    Error - 25-Nov-11 5:51:23 AM | Computer Name = ErrorUnit | Source = Application Error | ID = 1000
    Description = Faulting application name: videoconverter.exe, version: 2.5.7.3987,
    time stamp: 0x4cf5f4c1 Faulting module name: avcodec-52.dll, version: 0.0.0.0, time
    stamp: 0x4ca03830 Exception code: 0xc0000005 Fault offset: 0x003c1bb4 Faulting process
    id: 0x13d0 Faulting application start time: 0x01ccab57c8a17bbf Faulting application
    path: C:\Program Files (x86)\Bigasoft\MKV Converter\videoconverter.exe Faulting
    module path: C:\Program Files (x86)\Bigasoft\MKV Converter\avcodec-52.dll Report
    Id: 08502fda-174b-11e1-b4ca-00223fdbc5e9

    Error - 25-Nov-11 8:46:21 AM | Computer Name = ErrorUnit | Source = Application Hang | ID = 1002
    Description = The program notepad.exe version 6.1.7600.16385 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d34 Start
    Time: 01ccab6ee87ac509 Termination Time: 4 Application Path: C:\Windows\system32\notepad.exe

    Report
    Id: 6ea4d355-1763-11e1-b4ca-00223fdbc5e9

    Error - 25-Nov-11 527 PM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 25-Nov-11 5:58:36 PM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 27-Nov-11 9:35:53 AM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 27-Nov-11 9:37:50 AM | Computer Name = ErrorUnit | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 23-Nov-11 2:46:27 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7023
    Description = The Software Protection service terminated with the following error:
    %%2

    Error - 23-Nov-11 3:14:37 PM | Computer Name = ErrorUnit | Source = DCOM | ID = 10010
    Description =

    Error - 23-Nov-11 349 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7000
    Description = The Link-Layer Topology Discovery Mapper I/O Driver service failed
    to start due to the following error: %%646

    Error - 23-Nov-11 349 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7000
    Description = The Link-Layer Topology Discovery Responder service failed to start
    due to the following error: %%646

    Error - 23-Nov-11 3:57:09 PM | Computer Name = ErrorUnit | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 23-Nov-11 3:57:09 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BC spldr

    Error - 23-Nov-11 3:59:10 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7023
    Description = The Software Protection service terminated with the following error:
    %%2

    Error - 23-Nov-11 4:14:30 PM | Computer Name = ErrorUnit | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 23-Nov-11 4:17:50 PM | Computer Name = ErrorUnit | Source = Service Control Manager | ID = 7023
    Description = The Software Protection service terminated with the following error:
    %%2

    Error - 23-Nov-11 4:51:18 PM | Computer Name = ErrorUnit | Source = DCOM | ID = 10010
    Description =


    < End of report >

  10. #10
    broni Senior Member
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - [2011-08-24 21:20:32 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
      O2 - BHO: (no name) - {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    =================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
