TechSpot

Help with malware removal

By smaak
Jul 24, 2011
  1. Hi I'm having issues with this trojan.gen.2 thing on my pc and my virus protection detects and removes it but it just keeps coming back. This is becoming very annoying and I would greatly appreciate it if someone can help me get rid of this thing once and for all. I've followed all of the preliminary steps you guys have suggested and have all of the required logs. Please advise so that I may post them and hopefully get your help in resolving my issue.

    Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. smaak

    smaak TS Rookie Topic Starter Posts: 16

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7262

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    7/24/2011 11:53:01 AM
    mbam-log-2011-07-24 (11-53-01).txt

    Scan type: Quick scan
    Objects scanned: 220189
    Time elapsed: 12 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\administrator\AppData\Local\Temp\DWH1000.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\users\administrator\appdata\local\temp\dwh33a5.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWH470D.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWH6374.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHB852.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHBB0.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHBF16.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHC993.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHCE73.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\Local\Temp\DWHE5CB.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
     
  4. smaak

    smaak TS Rookie Topic Starter Posts: 16

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-24 12:31:49
    Windows 6.1.7601 Service Pack 1
    Running: 16ln43h0.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761b7e24
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761b7e24@0022a612c9b4 0x40 0xA8 0xFB 0xCE ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x2F 0xC8 0xEA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCE 0xE7 0x40 0x28 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x77 0xCE 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761b7e24 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761b7e24@0022a612c9b4 0x40 0xA8 0xFB 0xCE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x2F 0xC8 0xEA ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCE 0xE7 0x40 0x28 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x77 0xCE 0xA6 ...

    ---- EOF - GMER 1.0.15 ----
     
  5. smaak

    smaak TS Rookie Topic Starter Posts: 16

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/8/2009 8:46:21 PM
    System Uptime: 7/24/2011 11:56:36 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 22.206 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP207: 7/9/2011 1:04:37 AM - ComboFix created restore point
    RP208: 7/16/2011 4:05:52 AM - Scheduled Checkpoint
    RP209: 7/16/2011 5:42:14 PM - Windows Update
    RP210: 7/17/2011 8:14:02 PM - Installed iTunes
    RP211: 7/18/2011 7:32:06 PM - Installed Java(TM) 6 Update 22
    RP212: 7/18/2011 7:33:20 PM - Installed OpenOffice.org 3.3
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AIM Toolbar
    AIMTunes
    Amnesia - The Dark Descent
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Aspell English Dictionary-0.50-2
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bing Bar
    Bing Rewards Client Installer
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software v4.3.0 para el smartphone BlackBerry 8130
    Bricks of Egypt 2
    Bryce 6
    CCleaner
    CloneDVD2
    Coupon Printer for Windows
    Creative ALchemy
    Creative Audio Control Panel
    Creative MediaSource
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative WaveStudio 7
    Cucusoft Ultimate Video Converter 7.08
    Cucusoft Zune Video Converter 7.08
    Curse Client
    D3DX10
    Darkspore Beta
    DH Driver Cleaner Professional Edition
    Diner Dash Hometown Hero
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DivX Web Player
    DNA
    Download Manager 2.3.7
    Download Updater (AOL LLC)
    Driver Sweeper 1.0
    ESET Online Scanner v3
    ffdshow [rev 1723] [2007-12-24]
    FoxTab PDF Converter
    Fritz11
    FrostWire 5.0.8
    Futuremark SystemInfo
    GameSpy Comrade
    GNU Aspell 0.50-3
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GTK+ Runtime 2.14.6 rev a (remove only)
    Guild Wars
    Highlight Viewer (Windows Live Toolbar)
    HP Print Diagnostic Utility
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 13
    Java(TM) 6 Update 22
    Java(TM) 6 Update 25
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JPG to PDF Converter 1.0
    Junk Mail filter update
    LeapFrog Connect
    LeapFrog Tag Plugin
    Lexmark X6100 Series
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech Updater
    Logitech Vid HD
    Magicka
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Map Button (Windows Live Toolbar)
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft Default Manager
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft MSDN 2005 Express Edition - ENU
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Live Add-in 1.5
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft UI Engine
    Microsoft VC9 runtime libraries
    Microsoft Visual C# 2005 Express Edition - ENU
    Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 2.0
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Game Studio 2.0
    Microsoft XNA Game Studio 2.0 (ARP entry)
    Microsoft XNA Game Studio 2.0 (Redists)
    Microsoft XNA Game Studio 2.0 (shared components)
    Microsoft XNA Game Studio 2.0 (spacewar)
    Microsoft XNA Game Studio 2.0 (xnaliveproxy)
    Microsoft XNA Game Studio 2.0 Documentation
    Movavi Video Converter 6
    Move Media Player
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix Movie Viewer
    Norton Security Scan
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    Octoshape add-in for Adobe Flash Player
    ooVoo
    ooVoo Toolbar
    OpenOffice.org 3.3
    PC Pitstop Exterminate2 2.0
    Pidgin
    Portal 2
    PowerISO
    PS3 Video 9 4.07
    PunkBuster Services
    QuickTime
    RealPlayer
    Rift BETA Patcher
    Rosetta Stone Version 3
    Search Toolbar
    Security Task Manager 1.7e
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Smart Menus (Windows Live Toolbar)
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 9
    Spyware Doctor 8.0
    Steam
    StillLife
    System Requirements Lab
    System Requirements Lab CYRI
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnyiper
    TurboTax 2008 wrapper
    TurboTax Deluxe 2007
    TVersity Codec Pack 1.2
    TVersity Media Server 1.5 Beta
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual C# 2005 Express Edition - ENU (KB932232)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Server
    Videora iPod classic Converter 4.00
    Viewpoint Media Player
    VirtualCloneDrive
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    World of Warcraft
    Yahoo! Toolbar
    YouTube Downloader App 1.02
    YVD
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/24/2011 12:01:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    7/24/2011 11:54:48 AM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    7/21/2011 10:34:12 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    7/20/2011 11:42:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff8800256a088, 0xfffff8800416f9d8, 0xfffff8800416f230). A dump was saved in: C:\Windows\Minidump\072011-103974-01.dmp. Report Id: 072011-103974-01.
    7/17/2011 8:29:26 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 8:12:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    7/17/2011 8:11:41 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 8:10:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 1:00:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ISIAH-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8424837C-C4AD-4C07-B2E4-A4E13D37EEC2}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
  6. smaak

    smaak TS Rookie Topic Starter Posts: 16

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Administrator at 12:43:15 on 2011-07-24
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1329 [GMT -4:00]
    .
    AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\SysWOW64\CTsvcCDA.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\system32\lxcdcoms.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110714&user_guid=E70E71A797BE472AB555D43391D10948&machine_id=0b3cfa46edc47d98c1bbd0e42a023328&browser=IE&os=win&os_version=6.1-x64-SP1
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ooVoo Toolbar Helper: {92b514fd-a316-4736-99eb-2a6532d02e7d} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: ooVoo Toolbar: {3d475351-3508-4de9-a7c0-b0ceb0859fbe} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun: [PC Pitstop Diskmd3 Reminder] C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [MSServer] rundll32.exe C:\Windows\system32\mlJAtQGy.dll,#1
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: mythos.com\www
    Trusted Zone: turbotax.com
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39915.6867939815
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/gom/receiver/tc/FMSI.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aimprods01.webex.com/client/v_mywebex-mwmtricon/mywebex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
    TCP: Interfaces\{8424837C-C4AD-4C07-B2E4-A4E13D37EEC2} : NameServer = 167.206.251.129,167.206.251.130
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: ooVoo Toolbar Helper: {92B514FD-A316-4736-99EB-2A6532D02E7D} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
    BHO-X64: ooVoo Toolbar Helper - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO-X64: AIM Toolbar Loader - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: ooVoo Toolbar: {3D475351-3508-4de9-A7C0-B0CEB0859FBE} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun-x64: [PC Pitstop Diskmd3 Reminder] C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe
    mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun-x64: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun-x64: [MSServer] rundll32.exe C:\Windows\system32\mlJAtQGy.dll,#1
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
    R2 aawservice;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe [2008-9-10 611664]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-16 366640]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-4 2214504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-23 1831024]
    R2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-16 136824]
    R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-26 133104]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-4 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-3 79360]
    S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-4-1 5632]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-26 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 P1764;Sound Blaster Audigy;C:\Windows\system32\drivers\P1764.sys --> C:\Windows\system32\drivers\P1764.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-7-16 366840]
    S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-7-16 1150936]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
    S4 pctgntdi;pctgntdi;\??\C:\Windows\system32\drivers\pctgntdi64.sys --> C:\Windows\system32\drivers\pctgntdi64.sys [?]
    S4 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-24 16:01:39 -------- d-----w- C:\Users\Administrator\AppData\Local\{07DEA662-B03E-4D5E-990A-4689B0BA9AE6}
    2011-07-23 23:37:10 -------- d-----w- C:\Users\Administrator\AppData\Local\{CB11CC99-B86D-4377-87FB-3F68F59B52E3}
    2011-07-23 04:19:42 -------- d-----w- C:\Users\Administrator\AppData\Local\{6D07627F-F8B4-4BB6-8C78-A21A4A51D94B}
    2011-07-22 16:19:02 -------- d-----w- C:\Users\Administrator\AppData\Local\{04A30933-4EC5-4D16-AFFD-A8B1DB1B68D8}
    2011-07-22 14:06:37 -------- d-----w- C:\Users\Administrator\AppData\Local\{4C290693-D75D-4528-845E-C37FF784733C}
    2011-07-21 10:21:19 -------- d-----w- C:\Users\Administrator\AppData\Local\{31807079-4354-4BE6-80C1-94D6B4F9022A}
    2011-07-21 03:45:49 -------- d-----w- C:\Users\Administrator\AppData\Local\{C017A9B9-1870-4AF2-992D-B170F4A5C01F}
    2011-07-20 10:36:29 -------- d-----w- C:\Users\Administrator\AppData\Local\{9D1137FC-746B-40E2-BB76-648A1F0B8D29}
    2011-07-19 11:07:03 -------- d-----w- C:\Users\Administrator\AppData\Local\{2015F35C-A72A-45E1-90D9-58282F0EBFFE}
    2011-07-18 20:31:18 -------- d-----w- C:\Users\Administrator\AppData\Local\{AF49E768-860C-462D-8B0B-4AB237025B1F}
    2011-07-18 04:24:33 -------- d-----w- C:\Users\Administrator\AppData\Local\{13AD4EFA-57ED-4070-B913-A0C94BC314C2}
    2011-07-18 00:29:04 -------- d-----w- C:\Users\Administrator\AppData\Local\{1E9A044B-3646-4A32-BCF8-CDFE2C6A8D00}
    2011-07-18 00:16:16 -------- d-----w- C:\Program Files\iPod
    2011-07-18 00:16:15 -------- d-----w- C:\Program Files\iTunes
    2011-07-18 00:16:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-07-18 00:13:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-07-18 00:10:31 -------- d-----w- C:\Program Files\Bonjour
    2011-07-18 00:10:31 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-07-18 00:01:20 -------- d-----w- C:\Users\Administrator\FrostWire
    2011-07-17 23:56:45 -------- d-----w- C:\Users\Administrator\.frostwire5
    2011-07-17 23:56:22 -------- d-----w- C:\Program Files (x86)\FrostWire 5
    2011-07-17 17:19:23 -------- d-----w- C:\Users\Administrator\AppData\Local\{81FB9AED-887F-4739-9A2B-5742EBBAE713}
    2011-07-17 17:19:23 -------- d-----w- C:\Users\Administrator\AppData\Local\{315D1DF7-81EC-46D0-B7EA-57A8717ABFAF}
    2011-07-16 21:42:00 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 21:34:41 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2011-07-16 21:34:41 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2011-07-14 03:18:27 -------- d-----w- C:\Users\Administrator\AppData\Roaming\ooVoo Details
    2011-07-14 03:18:14 -------- d-----w- C:\Program Files (x86)\ooVoo Toolbar
    2011-07-14 03:17:28 -------- d-----w- C:\Program Files (x86)\ooVoo
    2011-07-14 03:16:18 -------- d-----w- C:\Program Files (x86)\Yontoo Layers
    2011-07-14 03:16:17 -------- d-----w- C:\ProgramData\Tarma Installer
    2011-07-12 00:33:37 -------- d-----w- C:\Program Files (x86)\ESET
    2011-07-09 14:22:24 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-09 03:49:14 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2011-07-09 03:49:10 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-09 03:49:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-09 03:49:07 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-09 03:49:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-09 03:23:33 -------- d-----w- C:\b3572d5021079186785dad5b
    2011-07-09 03:23:33 -------- d-----w- C:\60283787247103eb2b
    2011-07-09 02:59:59 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2011-07-09 02:59:59 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2011-07-09 02:59:40 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2011-07-09 02:59:28 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2011-07-09 02:59:17 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PC Tools
    2011-07-09 02:59:17 -------- d-----w- C:\ProgramData\PC Tools
    2011-07-09 02:59:17 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2011-07-09 02:59:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-07-09 02:57:38 -------- d-----w- C:\Users\Administrator\AppData\Roaming\GetRightToGo
    2011-07-05 02:06:06 -------- d-----w- C:\Users\Administrator\AppData\Local\NPE
    2011-07-04 21:12:46 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
    2011-06-28 13:58:59 89088 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2011-06-27 17:36:52 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-06-27 17:36:52 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-06-27 17:36:51 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-06-27 17:36:47 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-06-27 17:36:46 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-27 17:36:45 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-27 17:36:44 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-06-27 17:36:44 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-06-27 17:36:42 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-27 17:36:37 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-06-27 17:34:34 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-06-27 17:34:33 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    .
    ==================== Find3M ====================
    .
    2011-06-28 13:59:00 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2011-06-28 13:59:00 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
    2011-06-28 13:59:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-28 13:59:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
    2011-06-28 13:59:00 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
    2011-06-28 13:59:00 367104 ----a-w- C:\Windows\SysWow64\html.iec
    2011-06-28 13:59:00 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-06-28 13:59:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2011-06-28 13:59:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-28 13:59:00 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    .
    ============= FINISH: 12:44:15.35 ===============
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, Symantec Endpoint Protection and Spyware Doctor with AntiVirus.
    One of them has to go.
    If Symantec, make sure to use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Then.....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. smaak

    smaak TS Rookie Topic Starter Posts: 16

    I removed the other AV and left endpoint. Here is the combofix log as you requested



    ComboFix 11-07-24.03 - Administrator 07/24/2011 22:36:47.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1658 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\settings.reg
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-25 02:48 . 2011-07-25 02:48 -------- d-----w- c:\users\rivera\AppData\Local\temp
    2011-07-25 02:48 . 2011-07-25 02:48 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-07-25 02:48 . 2011-07-25 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-18 00:16 . 2011-07-18 00:16 -------- d-----w- c:\program files\iPod
    2011-07-18 00:16 . 2011-07-18 00:16 -------- d-----w- c:\program files\iTunes
    2011-07-18 00:16 . 2011-07-18 00:16 -------- d-----w- c:\program files (x86)\iTunes
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-07-18 00:13 . 2011-07-18 00:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-07-18 00:13 . 2011-07-18 00:13 -------- d-----w- c:\program files (x86)\QuickTime
    2011-07-18 00:11 . 2011-07-18 00:11 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-07-18 00:10 . 2011-07-18 00:10 -------- d-----w- c:\program files\Bonjour
    2011-07-18 00:10 . 2011-07-18 00:10 -------- d-----w- c:\program files (x86)\Bonjour
    2011-07-18 00:01 . 2011-07-18 00:08 -------- d-----w- c:\users\Administrator\FrostWire
    2011-07-17 23:56 . 2011-07-18 00:34 -------- d-----w- c:\users\Administrator\.frostwire5
    2011-07-17 23:56 . 2011-07-18 00:08 -------- d-----w- c:\program files (x86)\FrostWire 5
    2011-07-16 21:42 . 2011-06-03 06:56 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-14 03:18 . 2011-07-14 03:18 -------- d-----w- c:\users\Administrator\AppData\Roaming\ooVoo Details
    2011-07-14 03:17 . 2011-07-14 03:17 -------- d-----w- c:\program files (x86)\ooVoo
    2011-07-14 03:16 . 2011-07-14 03:16 -------- d-----w- c:\program files (x86)\Yontoo Layers
    2011-07-12 00:33 . 2011-07-12 00:33 -------- d-----w- c:\program files (x86)\ESET
    2011-07-09 03:49 . 2011-07-09 03:49 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2011-07-09 03:49 . 2011-07-09 03:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-09 03:49 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-09 03:49 . 2011-07-17 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-09 03:49 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-09 03:23 . 2011-07-09 03:23 -------- d-----w- C:\b3572d5021079186785dad5b
    2011-07-09 03:23 . 2011-07-09 03:23 -------- d-----w- C:\60283787247103eb2b
    2011-07-09 02:59 . 2011-07-16 21:34 -------- d-----w- c:\programdata\PC Tools
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\PC Tools
    2011-07-09 02:57 . 2011-07-09 02:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
    2011-07-05 02:06 . 2011-07-05 02:21 -------- d-----w- c:\users\Administrator\AppData\Local\NPE
    2011-07-04 21:13 . 2011-07-04 21:13 -------- d-----w- c:\users\UpdatusUser
    2011-07-04 21:12 . 2011-05-21 10:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-06-28 13:58 . 2011-06-28 13:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-27 17:36 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-27 17:36 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-27 17:36 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-27 17:36 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-27 17:36 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-06-27 17:36 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-27 17:36 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-27 17:36 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-27 17:36 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-27 17:36 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-27 17:34 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-27 17:34 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-03 05:57 . 2011-07-16 21:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-21 10:01 . 2011-05-21 10:01 7123560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-21 10:01 . 2011-05-21 10:01 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-21 10:01 . 2011-05-21 10:01 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-05-21 10:01 . 2011-05-21 10:01 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-05-21 10:01 . 2011-05-21 10:01 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-05-21 10:01 . 2011-05-21 10:01 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-21 10:01 . 2011-05-21 10:01 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-05-21 10:01 . 2011-05-21 10:01 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-05-21 10:01 . 2011-05-21 10:01 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-05-21 10:01 . 2011-05-21 10:01 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-21 10:01 . 2011-05-21 10:01 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-05-21 10:01 . 2011-05-21 10:01 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-21 10:01 . 2011-05-21 10:01 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-05-21 10:01 . 2011-05-21 10:01 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-05-21 10:01 . 2011-05-21 10:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
    2011-05-21 10:01 . 2011-05-21 10:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
    2011-05-21 10:01 . 2011-05-21 10:01 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-05-21 10:01 . 2011-05-21 10:01 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-05-21 10:01 . 2011-02-23 12:28 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-05-21 10:01 . 2011-01-08 01:49 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-05-21 10:01 . 2011-01-08 01:49 6300776 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-21 10:01 . 2011-01-08 01:49 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-05-21 10:01 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-21 10:01 . 2011-01-08 01:48 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-05-21 10:01 . 2010-04-04 02:55 2644584 ----a-w- c:\windows\system32\nvapi64.dll
    2011-05-21 10:01 . 2010-04-03 22:42 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-05-21 10:01 . 2010-01-12 17:03 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-02-28 22:11 191488 ------w- c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R3 P1764;Sound Blaster Audigy;c:\windows\system32\drivers\P1764.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-04 79360]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-04 79360]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-26 133104]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-26 133104]
    R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
    R4 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 136824]
    S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    *Deregistered* - SYMDNS
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMREDRV
    *Deregistered* - SYMTDI
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-19 17:57]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-26 04:07]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-26 04:07]
    .
    2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122345134-2917493354-2950889500-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 23:02]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122345134-2917493354-2950889500-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 23:02]
    .
    2011-07-24 c:\windows\Tasks\Norton Security Scan for Administrator.job
    - c:\progra~2\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-22 08:19]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110714&user_guid=E70E71A797BE472AB555D43391D10948&machine_id=0b3cfa46edc47d98c1bbd0e42a023328&browser=IE&os=win&os_version=6.1-x64-SP1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: mythos.com\www
    Trusted Zone: turbotax.com
    TCP: Interfaces\{8424837C-C4AD-4C07-B2E4-A4E13D37EEC2}: NameServer = 167.206.251.129,167.206.251.130
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-AIM Toolbar - c:\program files (x86)\AIM Toolbar\uninstall.exe
    AddRemove-AIMTunes - c:\program files (x86)\AIMTunes\Uninstall.exe
    AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
    AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{61539ECD-CC67-4437-A03C-9AACCBD14326}"=hex:51,66,7a,6c,4c,1d,3b,1b,dd,82,40,
    7a,52,9c,5c,0c,bd,34,dc,ec,c9,9b,07,3d
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,3b,1b,22,a1,8a,
    f4,ce,91,b9,59,94,27,46,d0,25,57,0b,93
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6d,d8,
    96,b3,8f,ef,0b,95,4a,c9,e8,46,63,3f,24
    "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,3b,1b,93,4e,51,
    86,b2,84,5c,0b,a7,be,ed,c3,56,e2,50,4c
    "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,57,13,
    29,9c,14,8c,0b,99,e1,c6,c8,3a,ca,d1,02
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,16,
    e4,6f,9c,45,06,a2,33,d0,a9,2b,9c,11,18
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,91,54,
    19,cc,93,90,06,86,59,30,d5,ee,ea,12,6b
    "{0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5}"=hex:51,66,7a,6c,4c,1d,3b,1b,68,f3,a5,
    10,fd,af,11,07,a0,24,4f,9a,13,23,e0,ae
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cc,
    03,98,b8,e8,0a,b8,9e,bc,17,8e,64,f9,d8
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,df,5a,
    2b,54,e4,ae,03,95,78,0a,49,16,2b,d6,d1
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,23,
    8b,37,1c,d4,02,93,c4,17,24,74,42,27,dd
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f1,4b,
    b1,e8,51,fa,05,9e,3b,89,50,55,3e,37,ec
    "{B0CDA128-B425-4EEF-A174-61A11AC5DBF8}"=hex:51,66,7a,6c,4c,1d,3b,1b,38,bd,de,
    ab,10,e4,84,06,bc,7c,27,e1,18,8f,9f,e3
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e0,
    af,14,5e,32,01,a7,2a,04,f3,02,c4,46,e4
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,db,
    c0,70,f4,30,0b,a1,7c,da,65,c3,8f,cc,b2
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:40,b8,97,2a,ba,3a,cc,01
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,a8,65,b1,d4,4a,5f,4b,90,a0,b6,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,a8,65,b1,d4,4a,5f,4b,90,a0,b6,\
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\WinRAR.exe"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="bin_auto_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\DTPro.exe"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\ehshell.exe"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="divx_div_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="divx_divx_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OpenOffice.org.Doc"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OpenOffice.org.Docx"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\ImgBurn.exe"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PhotoViewer.FileAssoc.Jpeg"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\DTPro.exe"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="divx_mkv_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="divx_tix_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="divx_vob_file"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:f0,fd,4a,49,9d,ef,d3,fc,ca,47,ba,ff,42,37,88,56,43,ef,fb,d9,e1,54,36,
    c4,45,58,e4,f8,2f,2a,04,77,61,6f,5e,0d,70,59,14,75,23,bb,73,29,14,41,8d,e2,\
    "??"=hex:15,e1,45,ef,de,fa,dc,c8,bb,6d,a3,4c,de,34,01,5c
    .
    [HKEY_USERS\S-1-5-21-2122345134-2917493354-2950889500-500\Software\SecuROM\License information*]
    "datasecu"=hex:20,d3,d0,16,ff,6a,43,69,24,a7,96,54,3c,56,48,81,a0,0e,5f,1e,63,
    b4,39,c9,27,40,b4,09,a5,29,0e,d7,ef,e5,37,dc,22,ab,11,e4,48,64,01,6c,e8,27,\
    "rkeysecu"=hex:08,f5,74,95,0a,0e,05,89,78,25,db,f7,9b,af,a5,a3
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-24 22:51:59
    ComboFix-quarantined-files.txt 2011-07-25 02:51
    ComboFix2.txt 2011-07-09 04:58
    .
    Pre-Run: 19,974,815,744 bytes free
    Post-Run: 21,125,169,152 bytes free
    .
    - - End Of File - - FC72698B179E435CD60A983E232EBB57
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need aswMBR log.
     
  10. smaak

    smaak TS Rookie Topic Starter Posts: 16

    aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-24 22:28:30
    -----------------------------
    22:28:30.286 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:28:30.287 Number of processors: 4 586 0xF0B
    22:28:30.288 ComputerName: SMAAK UserName:
    22:28:31.648 Initialize success
    22:29:02.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000083
    22:29:02.525 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 3
    22:29:02.534 Disk 0 MBR read successfully
    22:29:02.536 Disk 0 MBR scan
    22:29:02.538 Disk 0 Windows 7 default MBR code
    22:29:02.540 Service scanning
    22:29:05.508 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    22:29:05.613 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
    22:29:05.881 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    22:29:05.885 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
    22:29:06.407 Modules scanning
    22:29:06.410 Disk 0 trace - called modules:
    22:29:06.442 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80031f92c0]<<
    22:29:06.445 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003834060]
    22:29:06.450 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003351390]
    22:29:06.454 5 ACPI.sys[fffff8800119a7a1] -> nt!IofCallDriver -> \Device\00000083[0xfffffa8003351790]
    22:29:06.459 \Driver\nvstor[0xfffffa8002457820] -> IRP_MJ_CREATE -> 0xfffffa80031f92c0
    22:29:06.464 Scan finished successfully
    22:29:53.588 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
    22:29:53.597 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. smaak

    smaak TS Rookie Topic Starter Posts: 16

    The comps AV is still giving me the warning messages from trojan.gen.2 but not as often as before. Here are the logs you requested.

    OTL logfile created on: 7/25/2011 11:25:45 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.20% Memory free
    6.90 Gb Paging File | 5.34 Gb Available in Paging File | 77.39% Paging File free
    Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 19.48 Gb Free Space | 6.53% Space Free | Partition Type: NTFS
    Drive D: | 2.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: SMAAK | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/25 23:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/01 20:42:32 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    PRC - [2011/05/30 04:38:19 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2010/05/10 13:06:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/04/23 00:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/10/06 17:33:02 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
    PRC - [2009/04/21 02:11:10 | 000,851,968 | ---- | M] () -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
    PRC - [2009/01/29 00:11:22 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/07/25 23:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2010/07/15 15:37:36 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/04/15 18:54:26 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcdcoms.exe -- (lxcd_device)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/03/01 16:24:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2010/05/10 13:06:00 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/04/16 21:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/11/04 00:18:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2009/11/03 23:15:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/21 02:11:10 | 000,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2009/01/29 00:11:22 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/04/11 09:50:12 | 000,218,624 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2008/03/13 11:24:14 | 000,163,328 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2007/04/15 18:54:04 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcdcoms.exe -- (lxcd_device)
    SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/10/01 00:03:44 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/10/01 00:03:44 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/10/01 00:03:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/10/01 00:03:43 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/09/28 17:12:16 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/09/10 22:38:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
    DRV:64bit: - [2010/04/16 21:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2010/01/18 02:43:32 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
    DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/10/16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 02:05:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2009/06/05 02:05:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/30 19:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/04/30 18:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV:64bit: - [2009/04/30 18:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2008/07/26 11:26:32 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2008/04/01 14:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
    DRV:64bit: - [2007/06/20 19:57:40 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
    DRV:64bit: - [2007/06/20 19:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2007/02/15 20:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV:64bit: - [2006/10/31 11:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2005/07/07 04:19:08 | 001,579,008 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P1764.sys -- (P1764)
    DRV:64bit: - [2005/02/27 23:12:50 | 000,205,824 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2005/02/27 23:12:46 | 000,284,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2011/05/17 04:00:00 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110725.002\EX64.SYS -- (NAVEX15)
    DRV - [2011/05/17 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110725.002\ENG64.SYS -- (NAVENG)
    DRV - [2011/05/09 04:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/05/09 04:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2008/04/11 09:53:02 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
    DRV - [2008/03/13 11:20:46 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)
    DRV - [2007/02/15 20:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
    DRV - [2004/09/23 03:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2004/06/22 18:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
     
  13. smaak

    smaak TS Rookie Topic Starter Posts: 16

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - File not found

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://oovoostart.com/?src=startpag...3328&browser=IE&os=win&os_version=6.1-x64-SP1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 74 F3 67 0E 1C CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2009/11/08 20:41:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/29 20:41:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/24 10:31:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Administrator\AppData\Roaming\Move Networks [2010/05/04 23:35:52 | 000,000,000 | ---D | M]

    [2011/02/28 18:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
    [2009/02/19 07:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/02/28 18:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2011/07/24 22:48:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - File not found
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [MSServer] File not found
    O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.dll ()
    O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: mythos.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplug.com/StreamPlug/beta/SP.cab (Reg Error: Value error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Value error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/binGame/ZAxRcMgr.cab (ZoneAxRcMgr Class)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39915.6867939815 (Update Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/gom/receiver/tc/FMSI.cab (Futuremark SystemInfo)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} http://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab (AstroAvengerLoader Control)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aimprods01.webex.com/client/v_mywebex-mwmtricon/mywebex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.DVSD - File not found
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32:64bit: VIDC.XVID - File not found
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/25 23:24:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2011/07/25 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0DF1CC4B-646B-4B1F-8E8F-C0186CE3BD55}
    [2011/07/25 10:58:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/24 22:34:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/24 22:34:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/24 22:34:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/24 22:34:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/24 22:30:31 | 004,151,029 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2011/07/24 22:27:27 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
    [2011/07/24 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{07DEA662-B03E-4D5E-990A-4689B0BA9AE6}
    [2011/07/23 19:37:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{CB11CC99-B86D-4377-87FB-3F68F59B52E3}
    [2011/07/23 00:19:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6D07627F-F8B4-4BB6-8C78-A21A4A51D94B}
    [2011/07/22 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{04A30933-4EC5-4D16-AFFD-A8B1DB1B68D8}
    [2011/07/22 10:06:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4C290693-D75D-4528-845E-C37FF784733C}
    [2011/07/21 06:21:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{31807079-4354-4BE6-80C1-94D6B4F9022A}
    [2011/07/20 23:45:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C017A9B9-1870-4AF2-992D-B170F4A5C01F}
    [2011/07/20 06:36:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9D1137FC-746B-40E2-BB76-648A1F0B8D29}
    [2011/07/19 07:07:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2015F35C-A72A-45E1-90D9-58282F0EBFFE}
    [2011/07/18 19:37:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
    [2011/07/18 19:30:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
    [2011/07/18 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AF49E768-860C-462D-8B0B-4AB237025B1F}
    [2011/07/18 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My ooVoo
    [2011/07/18 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{13AD4EFA-57ED-4070-B913-A0C94BC314C2}
    [2011/07/17 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1E9A044B-3646-4A32-BCF8-CDFE2C6A8D00}
    [2011/07/17 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/07/17 20:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/07/17 20:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/07/17 20:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/07/17 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/07/17 20:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/07/17 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/07/17 20:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/07/17 20:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/07/17 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\FrostWire
    [2011/07/17 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.frostwire5
    [2011/07/17 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
    [2011/07/17 19:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
    [2011/07/17 13:19:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{81FB9AED-887F-4739-9A2B-5742EBBAE713}
    [2011/07/17 13:19:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{315D1DF7-81EC-46D0-B7EA-57A8717ABFAF}
    [2011/07/13 23:18:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ooVoo Details
    [2011/07/13 23:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
    [2011/07/13 23:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
    [2011/07/13 23:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers
    [2011/07/13 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\musica de robert
    [2011/07/11 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/07/09 00:37:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/08 23:49:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2011/07/08 23:49:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/08 23:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/08 23:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/07/08 23:49:07 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/07/08 23:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/08 23:23:33 | 000,000,000 | ---D | C] -- C:\b3572d5021079186785dad5b
    [2011/07/08 23:23:33 | 000,000,000 | ---D | C] -- C:\60283787247103eb2b
    [2011/07/08 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PC Tools
    [2011/07/08 22:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/07/08 22:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Downloads
    [2011/07/08 22:57:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
    [2011/07/04 22:06:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NPE
    [2009/01/07 21:03:48 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
    [2009/01/07 21:03:48 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
    [2009/01/07 21:03:48 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
    [2009/01/07 21:03:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
    [2009/01/07 21:03:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
    [2009/01/07 21:03:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
    [2009/01/07 21:03:48 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
    [2009/01/07 21:03:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
    [2009/01/07 21:03:48 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
    [2009/01/07 21:03:48 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
    [2009/01/07 21:03:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
    [2009/01/07 21:03:48 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
    [2009/01/07 21:03:48 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
    [2009/01/07 21:03:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
    [2009/01/07 21:03:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
    [2008/05/01 10:05:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdinpa.dll
    [2008/05/01 10:05:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdiesc.dll
    [2008/05/01 10:04:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdserv.dll
    [2008/05/01 10:04:59 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdusb1.dll
    [2008/05/01 10:04:59 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdhbn3.dll
    [2008/05/01 10:04:59 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdcomc.dll
    [2008/05/01 10:04:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdpmui.dll
    [2008/05/01 10:04:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdlmpm.dll
    [2008/05/01 10:04:59 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdcoms.exe
    [2008/05/01 10:04:59 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdcomm.dll
    [2008/05/01 10:04:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdih.exe
    [2008/05/01 10:04:59 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdcfg.exe
    [2008/05/01 10:04:59 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdppls.exe
    [2008/05/01 10:04:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdprox.dll
    [2008/05/01 10:04:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcdpplc.dll
    [2002/04/10 21:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3d.dll
    [10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/25 23:27:57 | 000,017,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/25 23:27:57 | 000,017,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/25 23:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2011/07/25 23:22:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/07/25 23:18:57 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/25 23:17:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/25 23:17:02 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/25 19:47:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/25 19:43:10 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2122345134-2917493354-2950889500-500UA.job
    [2011/07/25 14:52:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
    [2011/07/24 22:48:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/24 22:30:30 | 004,151,029 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2011/07/24 22:29:53 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
    [2011/07/24 22:28:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
    [2011/07/24 14:12:18 | 000,001,349 | ---- | M] () -- C:\Users\Administrator\Desktop\wow.lnk
    [2011/07/24 04:43:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2122345134-2917493354-2950889500-500Core.job
    [2011/07/19 07:04:16 | 000,470,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/07/18 19:37:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/07/18 18:28:01 | 000,743,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/18 18:28:01 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/18 18:28:01 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/17 20:16:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/17 20:13:36 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/07/17 20:11:33 | 001,759,224 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2011/07/17 19:56:37 | 000,001,257 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
    [2011/07/17 19:56:37 | 000,001,233 | ---- | M] () -- C:\Users\Administrator\Desktop\FrostWire 5.0.8.lnk
    [2011/07/16 23:36:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/13 23:17:41 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2011/07/08 23:20:28 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdsetup_revwire207.exe
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/07/01 09:19:54 | 000,020,480 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/29 06:35:29 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/06/28 09:59:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/06/28 09:58:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/06/28 00:12:59 | 005,760,054 | ---- | M] () -- C:\Users\Administrator\Desktop\MaltaRob.bmp
    [2011/06/28 00:12:31 | 000,001,116 | ---- | M] () -- C:\Users\Administrator\Desktop\MaltaRob.mht
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files Created - No Company Name ==========

    [2011/07/25 18:17:23 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/07/24 22:34:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/24 22:34:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/24 22:34:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/24 22:34:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/24 22:34:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/24 22:29:53 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
    [2011/07/24 14:12:18 | 000,001,349 | ---- | C] () -- C:\Users\Administrator\Desktop\wow.lnk
    [2011/07/18 19:37:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/07/17 20:16:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/17 20:13:36 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/07/17 19:56:37 | 000,001,257 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
    [2011/07/17 19:56:37 | 000,001,233 | ---- | C] () -- C:\Users\Administrator\Desktop\FrostWire 5.0.8.lnk
    [2011/07/16 17:34:42 | 001,759,224 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2011/07/13 23:17:41 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2011/07/08 23:49:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/08 23:20:35 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup_revwire207.exe
    [2011/07/08 22:59:28 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
    [2011/07/05 16:26:50 | 000,000,312 | ---- | C] () -- C:\Users\Administrator\Desktop\Curse Client.appref-ms
    [2011/06/28 09:58:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/06/28 09:58:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/06/28 00:12:59 | 005,760,054 | ---- | C] () -- C:\Users\Administrator\Desktop\MaltaRob.bmp
    [2011/06/28 00:12:30 | 000,001,116 | ---- | C] () -- C:\Users\Administrator\Desktop\MaltaRob.mht
    [2011/06/27 21:50:01 | 000,000,094 | ---- | C] () -- C:\Windows\awshkwv.ini
    [2011/06/14 14:03:18 | 000,020,480 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/26 22:09:29 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/05/10 13:06:06 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/10 13:06:00 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/05/10 13:06:00 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/12/28 10:31:51 | 000,747,130 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/26 23:30:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/11/03 23:13:13 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/11/03 23:13:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/27 02:08:57 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
    [2009/06/11 16:37:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/30 13:13:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/04/08 12:52:45 | 000,000,480 | ---- | C] () -- C:\Windows\lexstat.ini
    [2009/01/07 21:03:48 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
    [2009/01/07 21:03:48 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
    [2008/11/13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
    [2008/10/21 01:09:45 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
    [2008/09/13 19:06:30 | 003,049,984 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2008/09/13 19:06:30 | 000,404,480 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2008/09/13 19:06:30 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2008/09/13 19:06:30 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2008/09/12 20:25:20 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
    [2008/06/29 18:24:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/05/01 10:05:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcdcomx.dll
    [2008/05/01 10:05:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcdinst.dll
    [2008/04/01 12:26:13 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2007/12/04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
    [2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2007/06/07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
    [2006/06/05 15:07:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\dzwrapper.dll
    [2006/06/05 15:06:34 | 005,935,104 | ---- | C] () -- C:\Windows\SysWow64\dzcore.dll
    [2006/05/11 14:39:02 | 001,445,888 | ---- | C] () -- C:\Windows\SysWow64\daz-qsa.dll
    [2006/04/28 14:37:12 | 005,910,528 | ---- | C] () -- C:\Windows\SysWow64\daz-qt-mt.dll
    [2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\P17.dll
    [2003/10/02 06:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.dll
    [2000/03/29 02:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2009/11/11 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.purple
    [2009/11/08 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
    [2011/02/05 10:19:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Aquarius Soft
    [2010/05/07 02:54:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bioshock2
    [2010/01/21 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
    [2009/11/08 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
    [2011/03/29 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DarksporeData
    [2011/07/25 23:29:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DNA
    [2010/12/10 18:10:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameRanger
    [2011/07/08 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
    [2009/11/08 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
    [2009/11/08 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
    [2009/11/08 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
    [2009/11/08 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
    [2009/12/01 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
    [2011/07/13 23:18:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ooVoo Details
    [2009/11/08 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2009/11/08 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
    [2010/12/10 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RayV
    [2010/09/08 12:26:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Research In Motion
    [2011/02/04 21:33:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rift
    [2010/12/10 18:15:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\runic games
    [2009/11/08 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sahmon Games
    [2011/05/03 17:29:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
    [2009/11/08 21:01:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Path
    [2010/04/23 11:55:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tific
    [2010/12/02 02:50:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TP
    [2010/12/03 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trion Worlds
    [2009/11/08 21:01:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
    [2011/05/06 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
    [2009/07/14 01:08:49 | 000,013,240 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(35).TXT
    [2009/07/14 01:08:49 | 000,009,706 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(488).TXT
    [2011/06/15 10:51:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
  14. smaak

    smaak TS Rookie Topic Starter Posts: 16

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/04/01 20:12:53 | 000,001,936 | ---- | M] () -- C:\4-1-2010_20-7.ygoa
    [2010/04/01 21:35:00 | 000,001,788 | ---- | M] () -- C:\4-1-2010_21-18.ygoa
    [2010/04/01 21:44:08 | 000,001,942 | ---- | M] () -- C:\4-1-2010_21-41.ygoa
    [2010/04/01 21:55:10 | 000,003,057 | ---- | M] () -- C:\4-1-2010_21-44.ygoa
    [2010/04/01 22:04:03 | 000,004,023 | ---- | M] () -- C:\4-1-2010_21-56.ygoa
    [2010/04/01 22:06:57 | 000,002,989 | ---- | M] () -- C:\4-1-2010_22-4.ygoa
    [2010/04/01 22:07:33 | 000,003,271 | ---- | M] () -- C:\4-1-2010_22-7.ygoa
    [2010/04/01 21:56:00 | 000,003,665 | ---- | M] () -- C:\4-1_21_55_eyelsmaaku.ygoa
    [2010/04/01 22:04:03 | 000,004,539 | ---- | M] () -- C:\4-1_22_4_eyelsmaaku.ygoa
    [2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/11/08 23:26:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/07/24 22:52:00 | 000,041,760 | ---- | M] () -- C:\ComboFix.txt
    [2008/12/09 14:19:42 | 000,042,632 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2009/11/12 03:15:35 | 000,203,836 | RHS- | M] () -- C:\grldr
    [2011/07/25 23:17:02 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/19 16:06:20 | 405,012,479 | ---- | M] () -- C:\Image.iso
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/06/19 11:59:34 | 000,001,534 | -H-- | M] () -- C:\IPH.PH
    [2011/01/04 17:17:59 | 000,001,906 | ---- | M] () -- C:\lxbf.log
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/07/25 23:17:39 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/08 08:34:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/08/08 08:54:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/08/08 19:00:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/09/23 00:51:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/10/07 19:34:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/06/08 12:13:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/06/22 22:40:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/06/23 18:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/06/23 19:48:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/06/24 18:26:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/06/24 18:30:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/06/24 18:31:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/06/24 18:31:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/07/08 23:14:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/07/08 23:56:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/07/09 18:03:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/07/09 18:12:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008/07/09 18:37:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/07/09 19:30:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/07/10 18:47:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2008/08/08 08:34:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/08/08 08:54:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/08/08 19:00:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/09/23 00:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/10/07 19:34:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/06/08 12:13:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/06/22 22:40:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/06/23 18:25:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/06/23 19:48:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/06/24 18:26:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/06/24 18:30:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/06/24 18:31:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/06/24 18:31:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/07/08 23:14:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/07/08 23:56:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/07/09 18:03:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/07/09 18:12:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/07/09 18:37:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/07/09 19:30:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/07/10 18:47:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/05/05 06:57:19 | 000,000,000 | ---- | M] () -- C:\t160.2
    [2011/05/17 21:31:33 | 000,000,000 | ---- | M] () -- C:\t16o.1
    [2011/05/17 21:31:33 | 000,000,000 | ---- | M] () -- C:\t16o.2
    [2011/03/17 22:02:59 | 000,000,000 | ---- | M] () -- C:\t18o.2
    [2011/07/09 01:01:40 | 000,078,844 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_09.07.2011_01.00.33_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
    [2009/11/12 03:15:36 | 000,000,000 | RHS- | M] () -- C:\winx.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/07 13:37:51 | 000,000,574 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/06/29 06:35:29 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/24 22:28:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
    [2011/07/24 22:30:30 | 004,151,029 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010/11/29 14:52:42 | 000,052,736 | ---- | M] (FoxTab) -- C:\Users\Administrator\Desktop\FTPDFConverter.exe
    [2011/02/18 18:22:36 | 000,199,168 | ---- | M] () -- C:\Users\Administrator\Desktop\ftpdf_inst.exe
    [2010/10/19 19:44:16 | 140,467,400 | ---- | M] () -- C:\Users\Administrator\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
    [2011/04/13 00:51:07 | 158,067,944 | ---- | M] () -- C:\Users\Administrator\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
    [2011/07/25 23:24:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2011/07/08 23:20:28 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdsetup_revwire207.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/04/03 17:50:38 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/04/03 17:50:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/02/04 21:54:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/02/04 21:54:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/04/03 17:50:38 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/03 17:52:37 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\smaak.TXT:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\GFWLIVESetupLogVerbose.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\GFWLIVESetupLog.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\Copy of Copy of Expenses 2008.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\aionmemo_e66a88cc.dat:Roxio EMC Stream
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  15. smaak

    smaak TS Rookie Topic Starter Posts: 16

    OTL Extras logfile created on: 7/25/2011 11:25:45 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.20% Memory free
    6.90 Gb Paging File | 5.34 Gb Available in Paging File | 77.39% Paging File free
    Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 19.48 Gb Free Space | 6.53% Space Free | Partition Type: NTFS
    Drive D: | 2.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: SMAAK | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Administrator\AppData\Roaming\svchost.exe" = C:\Users\Administrator\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger
    "C:\Users\Administrator\AppData\Roaming\svchost.exe" = C:\Users\Administrator\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    "Lexmark 6300 Series" = Lexmark 6300 Series
    "Lexmark X6100 Series" = Lexmark X6100 Series
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}" = Microsoft XNA Game Studio 2.0 (ARP entry)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
    "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 25
    "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
    "{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}" = Microsoft XNA Game Studio 2.0 (Redists)
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}" = Microsoft XNA Game Studio 2.0 (spacewar)
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}" = Microsoft XNA Game Studio 2.0 Documentation
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
    "{573D8008-5F38-4F5F-820B-1D3151332282}" = BlackBerry Device Software v4.3.0 para el smartphone BlackBerry 8130
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5D834606-A4CB-4B38-A289-1B3443FF8B8B}" = Rift BETA Patcher
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
    "{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{772753FC-98FF-4BB3-A93F-C006663633AD}" = StillLife
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}" = Microsoft Visual C# 2005 Express Edition - ENU
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11144067}" = Bricks of Egypt 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113721697}" = Diner Dash Hometown Hero
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_WebDesigner_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B96628C-8898-4FED-9612-25631C27AB13}" = Microsoft XNA Game Studio 2.0 (xnaliveproxy)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD3891EA-5731-4AEA-8B9D-D9AE5F92542A}" = HP Print Diagnostic Utility
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B508310E-0690-4DC9-BB05-F01F5AB71B10}" = Fritz11
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}" = Microsoft XNA Game Studio 2.0 (shared components)
    "{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}" = Microsoft XNA Game Studio 2.0
    "{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AIM Toolbar" = AIM Toolbar
    "AIMTunes" = AIMTunes
    "ALchemy" = Creative ALchemy
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "AudioCS" = Creative Audio Control Panel
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "Bryce" = Bryce 6
    "CCleaner" = CCleaner
    "CloneDVD2" = CloneDVD2
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Cucusoft Ultimate Video Converter_is1" = Cucusoft Ultimate Video Converter 7.08
    "Cucusoft Zune Video Converter_is1" = Cucusoft Zune Video Converter 7.08
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "Download Manager" = Download Manager 2.3.7
    "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
    "Driver Sweeper_is1" = Driver Sweeper 1.0
    "ESET Online Scanner" = ESET Online Scanner v3
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "FoxTab PDF Converter" = FoxTab PDF Converter
    "FrostWire 5" = FrostWire 5.0.8
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "Google Updater" = Google Updater
    "GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
    "Guild Wars" = Guild Wars
    "ImgBurn" = ImgBurn
    "InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "JPG to PDF Converter" = JPG to PDF Converter 1.0
    "Lexmark X6100 Series" = Lexmark X6100 Series
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual C# 2005 Express Edition - ENU" = Microsoft Visual C# 2005 Express Edition - ENU
    "Microsoft XNA Game Studio 2.0" = Microsoft XNA Game Studio 2.0
    "NSS" = Norton Security Scan
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
    "Pidgin" = Pidgin
    "Postal 2_is1" = Portal 2
    "PowerISO" = PowerISO
    "PS3 Video 9" = PS3 Video 9 4.07
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 6.0" = RealPlayer
    "Search Toolbar" = Search Toolbar
    "Security Task Manager" = Security Task Manager 1.7e
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 102800" = Darkspore Beta
    "Steam App 42910" = Magicka
    "SystemRequirementsLab" = System Requirements Lab
    "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    "TurboTax 2008" = TurboTax 2008
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server " = TVersity Media Server 1.5 Beta
    "UnityWebPlayer" = Unity Web Player
    "UPCShell" = LeapFrog Connect
    "uTorrent" = µTorrent
    "Videora iPod classic Converter" = Videora iPod classic Converter 4.00
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VirtualCloneDrive" = VirtualCloneDrive
    "WaveStudio 7" = Creative WaveStudio 7
    "WebDesigner" = Microsoft Expression Web
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "Yahoo! Companion" = Yahoo! Toolbar
    "YouTube Downloader App" = YouTube Downloader App 1.02

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "BitTorrent DNA" = DNA
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I need to know exact message, including suspicious file name and location.

    ========================================================================

    You can safely uninstall McAfee Security Scan, typical foistware.

    ======================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - File not found
      O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - File not found
      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
      O4 - HKLM..\Run: [MSServer] File not found
      O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - File not found
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
      O15 - HKCU\..Trusted Domains: mythos.com ([www] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplug.com/StreamPlug/beta/SP.cab (Reg Error: Value error.)
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/07/08 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PC Tools
      [2011/07/08 22:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
      [10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\smaak.TXT:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\GFWLIVESetupLogVerbose.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\GFWLIVESetupLog.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\Copy of Copy of Expenses 2008.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Administrator\Documents\aionmemo_e66a88cc.dat:Roxio EMC Stream
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. smaak

    smaak TS Rookie Topic Starter Posts: 16

    I removed Viewpoint and McAfee, downloaded the programs and ran the required tests. Here are the results


    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0b83c99c-1efa-4259-858f-bcb33e007a5b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b83c99c-1efa-4259-858f-bcb33e007a5b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mythos.com\www\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    Starting removal of ActiveX control {2019DC25-D1C0-11D6-97B3-0008A124F542}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2019DC25-D1C0-11D6-97B3-0008A124F542}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2019DC25-D1C0-11D6-97B3-0008A124F542}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2019DC25-D1C0-11D6-97B3-0008A124F542}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2019DC25-D1C0-11D6-97B3-0008A124F542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2019DC25-D1C0-11D6-97B3-0008A124F542}\ not found.
    Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Administrator\AppData\Roaming\PC Tools\Spyware Doctor folder moved successfully.
    C:\Users\Administrator\AppData\Roaming\PC Tools folder moved successfully.
    C:\ProgramData\PC Tools\ThreatFire folder moved successfully.
    C:\ProgramData\PC Tools\Temp folder moved successfully.
    C:\ProgramData\PC Tools\DownloadManager\Spyware Doctor8.0 folder moved successfully.
    C:\ProgramData\PC Tools\DownloadManager folder moved successfully.
    C:\ProgramData\PC Tools folder moved successfully.
    C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    C:\Windows\DUMP2866.tmp deleted successfully.
    C:\Windows\DUMP28e3.tmp deleted successfully.
    C:\Windows\DUMP2cca.tmp deleted successfully.
    C:\Windows\DUMP3052.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Windows\SBCBCE03E(32).tmp deleted successfully.
    C:\Windows\SBCBCE03E(486).tmp deleted successfully.
    C:\Windows\SBCBCE03E.tmp deleted successfully.
    ADS C:\Users\Administrator\Documents\smaak.TXT:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Administrator\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Administrator\Documents\GFWLIVESetupLogVerbose.txt:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Administrator\Documents\GFWLIVESetupLog.txt:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Administrator\Documents\Copy of Copy of Expenses 2008.xls:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Administrator\Documents\aionmemo_e66a88cc.dat:Roxio EMC Stream deleted successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 6751933 bytes
    ->Temporary Internet Files folder emptied: 3983323 bytes
    ->Java cache emptied: 90948272 bytes
    ->Google Chrome cache emptied: 269284581 bytes
    ->Flash cache emptied: 1307200 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rivera
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 240688 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 442472 bytes

    Total Files Cleaned = 356.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Mcx1

    User: Public

    User: rivera
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07262011_193700

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  18. smaak

    smaak TS Rookie Topic Starter Posts: 16

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner
    DH Driver Cleaner Professional Edition
    Java(TM) 6 Update 26
    Java(TM) 6 Update 13
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader X (10.1.0)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall:
    Java(TM) 6 Update 13
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
     
  20. smaak

    smaak TS Rookie Topic Starter Posts: 16

    I removed those old versions of Java.My AV had stopped giving me the trojan.gen.2 message but its not giving me message again. Here is what its saying


    Infected file C:\Users\Administrator\AppData\Local\Temp\DWH41FD.tmp

    the name of the temp file is always some variation of whats posted and its always in the same location.

    Eset results:


    C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Unfortunately the above is known Norton bug. Why they didn't fix it yet, don't ask me....

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  22. smaak

    smaak TS Rookie Topic Starter Posts: 16

    Ran OTL and here's the log.



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1002624 bytes
    ->Temporary Internet Files folder emptied: 432678 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 420739137 bytes
    ->Flash cache emptied: 15277 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rivera
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4463461 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 45698 bytes

    Total Files Cleaned = 407.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Mcx1

    User: Public

    User: rivera
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.26.1 log created on 07302011_162058

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Whenever ready....
     
  24. smaak

    smaak TS Rookie Topic Starter Posts: 16

    Computer is doing very good Broni thanks for all of your help and all of the tips you provided.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...