# Computer has been infected! Vista 64 W/logs



## miller330i (Oct 18, 2009)

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK 
Run by Desktop at 11:52:29.18 on Sun 10/18/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista Ultimate 6.0.6002.2.1252.1.1033.18.4093.2182 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE
C:\Users\Desktop\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

Pseudo HJT Report

uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [AdobeBridge] 
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>] 
mRun: [SBAMTray] "c:\program files (x86)\sunbelt software\vipre\SBAMTray.exe"
mRun: [SpySweeper] "c:\program files (x86)\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-M883O.exe" /REG
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files (x86)\icq6.5\ICQ.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\desktop\appdata\roaming\mozilla\firefox\profiles\kwgeslrt.default\
FF - prefs.js: browser.search.selectedEngine - Sky Web Search
FF - prefs.js: browser.startup.homepage - 
FF - plugin: c:\program files (x86)\download manager\npfpdlm.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\pxhlpa64.sys --> c:\windows\system32\drivers\PxHlpa64.sys [?]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys --> c:\windows\system32\drivers\ssfs0bbc.sys [?]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys --> c:\windows\system32\drivers\sbtis.sys [?]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\starportlite.sys --> c:\windows\system32\drivers\StarPortLite.sys [?]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files (x86)\sunbelt software\vipre\SBAMSvc.exe [2009-9-7 1012040]
R2 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\webrootsecurity\WRConsumerService.exe [2009-10-18 1201640]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\drivers\amdlld64.sys --> c:\windows\system32\drivers\AmdLLD64.sys [?]
S1 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools64.sys --> c:\windows\system32\drivers\AmdTools64.sys [?]
S2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-4-30 190488]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\atihdmi.sys --> c:\windows\system32\drivers\AtiHdmi.sys [?]
S3 atillk64;atillk64;c:\program files (x86)\ati technologies\amd gpu clock tool\atillk64.sys [2007-5-29 14608]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-3 89920]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\mpnwmon.sys --> c:\windows\system32\drivers\MpNWMon.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2009-8-3 19968]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24\RivaTuner64.sys [2009-2-25 19952]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
S4 AODService;AODService;c:\program files (x86)\amd\overdrive\AODAssist.exe [2009-5-5 124256]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-8-12 1038088]
S4 gupdate1ca148920d17d96;Google Update Service (gupdate1ca148920d17d96);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-8-3 133104]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-8-12 2560]
S4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\common files\creative labs shared\service\XMBLicensing.exe [2009-8-2 79360]

2009-10-18 11:00 --d----- c:\users\desktop\appdata\roaming\Malwarebytes
2009-10-18 11:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 11:00 --d----- c:\programdata\Malwarebytes
2009-10-18 11:00 --d----- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-10-18 11:00 --d----- c:\progra~3\Malwarebytes
2009-10-18 00:27 775,168 a------- c:\windows\is-M883O.exe
2009-10-18 00:27 10,194 a------- c:\windows\is-M883O.msg
2009-10-18 00:27 317 a------- c:\windows\is-M883O.lst
2009-10-18 00:26 --d----- c:\program files (x86)\MSSOAP
2009-10-18 00:26 --d----- c:\program files (x86)\common files\MSSoap
2009-10-18 00:26 1,563,008 a------- c:\windows\WRSetup.dll
2009-10-18 00:26 --d----- c:\users\desktop\appdata\roaming\Webroot
2009-10-18 00:26 --d----- c:\programdata\Webroot
2009-10-18 00:26 --d----- c:\program files (x86)\Webroot
2009-10-18 00:26 --d----- c:\progra~3\Webroot
2009-10-18 00:24 164 a------- c:\windows\install.dat
2009-10-17 23:07 91 a------- c:\users\desktop\appdata\roaming\netstat.bat
2009-10-17 22:46 --d----- c:\users\desktop\appdata\roaming\Sunbelt
2009-10-17 22:46 --d----- c:\programdata\Sunbelt
2009-10-17 22:46 --d----- c:\progra~3\Sunbelt
2009-10-17 22:30 --d----- c:\program files (x86)\Sunbelt Software
2009-10-17 22:21 --d----- C:\sbtemp
2009-10-17 22:10 --d----- c:\program files (x86)\Trend Micro
2009-10-17 10:44 0 a------- c:\windows\win32k.sys
2009-10-17 08:55 a-d----- c:\programdata\TEMP
2009-10-17 08:55 --d----- c:\users\desktop\appdata\roaming\Any DVD Converter Professional
2009-10-17 08:55 --d----- c:\program files (x86)\Any DVD Converter Professional
2009-10-16 08:48 --d----- c:\program files (x86)\ICQ6.5
2009-10-15 14:12 --d----- c:\users\desktop\appdata\roaming\FastStone
2009-10-15 14:12 --d----- c:\program files (x86)\FastStone Photo Resizer
2009-10-15 08:40 --d----- c:\program files (x86)\uTorrent
2009-10-14 12:06 --d----- c:\programdata\ATI
2009-10-13 23:34 --d----- c:\users\desktop\Tracing
2009-10-13 23:32 --d----- c:\program files (x86)\Microsoft
2009-10-13 23:26 --d----- c:\program files (x86)\common files\Windows Live
2009-10-13 23:03 --d----- c:\windows\system32\xlive
2009-10-13 23:03 --d----- c:\program files (x86)\Microsoft Games for Windows - LIVE
2009-10-13 22:58 834,048 a------- c:\windows\system32\wininet.dll
2009-10-13 22:58 78,336 a------- c:\windows\system32\ieencode.dll
2009-10-13 22:58 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 22:58 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-13 22:57 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-13 16:59 2,146,304 a------- c:\windows\system32\GPhotos.scr
2009-10-13 09:52 --d----- c:\windows\pss
2009-10-13 09:13 --d----- c:\program files (x86)\Microsoft Games
2009-10-13 09:13 --d----- c:\programdata\Microsoft Games
2009-10-13 09:13 --d----- c:\progra~3\Microsoft Games
2009-10-13 09:12 --d----- c:\users\desktop\appdata\roaming\Microsoft Game Studios
2009-10-13 09:07 255,552 a------- c:\windows\system32\drivers\mcdbus.sys
2009-10-13 09:07 --d----- c:\program files (x86)\MagicDisc
2009-10-03 10:29 --d----- c:\programdata\LogiShrd
2009-10-01 23:16 --d----- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2009-10-01 16:26 --d----- c:\program files (x86)\Microsoft Antimalware
2009-09-23 13:46 180,224 a------- c:\windows\system32\cnvshell.dll
2009-09-23 13:46 --d----- c:\program files (x86)\ImageConverter Plus
2009-09-23 12:52 --d----- c:\program files (x86)\iTunes
2009-09-23 12:09 704,282 a------- c:\program files (x86)\unins000.exe
2009-09-23 12:09 18,052 a------- c:\program files (x86)\unins000.dat
2009-09-23 11:09 --d----- c:\program files (x86)\505games
2009-09-22 09:30 --d----- c:\users\desktop\appdata\roaming\Wargaming.Net
2009-09-22 09:29 --d----- c:\windows\system32\AGEIA

2009-10-14 11:59 51,200 a------- c:\windows\inf\infpub.dat
2009-10-14 11:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-14 11:59 86,016 a------- c:\windows\inf\infstor.dat
2009-10-12 17:13 189,184 a------- c:\windows\system32\PnkBstrB.exe
2009-09-02 13:40 29,584 a------- c:\windows\system32\drivers\regguard.sys
2009-08-28 19:42 331,776 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2009-08-28 19:42 284,672 a------- c:\windows\apppatch\apppatch64\AcGenral.dll
2009-08-28 19:42 100,352 a------- c:\windows\apppatch\apppatch64\acspecfc.dll
2009-08-28 19:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 19:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 19:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 19:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 17:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 17:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-22 02:19 278,528 a------- c:\users\desktop\ATIInfo.exe
2009-08-21 12:10 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-14 08:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 06:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 06:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 06:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 06:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 06:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 06:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 06:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 06:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-13 19:13 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-08-13 19:13 274,432 a------- c:\windows\system32\Oemdspif.dll
2009-08-13 19:13 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-08-13 19:10 2,896,896 a------- c:\windows\system32\atidxx32.dll
2009-08-13 18:55 3,578,368 a------- c:\windows\system32\atiumdag.dll
2009-08-13 18:44 12,916,224 a------- c:\windows\system32\atioglxx.dll
2009-08-13 18:37 2,829,824 a------- c:\windows\system32\atiumdva.dll
2009-08-13 18:25 52,224 a------- c:\windows\system32\atimpc32.dll
2009-08-13 18:25 52,224 a------- c:\windows\system32\amdpcom32.dll
2009-08-13 18:24 200,704 a------- c:\windows\system32\atiadlxy.dll
2009-08-13 18:22 53,248 a------- c:\windows\system32\aticalrt.dll
2009-08-13 18:22 53,248 a------- c:\windows\system32\aticalcl.dll
2009-08-13 18:21 3,481,600 a------- c:\windows\system32\aticaldd.dll
2009-08-12 20:21 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-08-12 18:50 682,280 a------- c:\windows\system32\pbsvc.exe
2009-08-12 14:35 48,640 a------- c:\windows\mmfs.dll
2009-08-12 14:35 2,560 a------- c:\windows\Runservice.exe
2009-08-09 23:14 99,384 a------- c:\users\desktop\appdata\roaming\inst.exe
2009-08-09 23:14 82,816 a------- c:\users\desktop\appdata\roaming\pcouffin.sys
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-06 13:06 59,904 a------- c:\windows\system32\zlib1.dll
2009-08-06 13:02 286,720 a------- c:\windows\system32\libcurl.dll
2009-08-06 13:02 1,028,096 a------- c:\windows\system32\libeay32.dll
2009-08-06 13:02 196,608 a------- c:\windows\system32\ssleay32.dll
2009-08-06 13:02 143,360 a------- c:\windows\system32\libexpatw.dll
2009-08-03 21:40 178,800 a------- c:\windows\system32\CmdLineExt_x64.dll
2009-08-03 15:35 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-03 15:18 174 a--sh--- c:\program files (x86)\desktop.ini
2009-08-03 15:06 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-08-03 15:06 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-03 10:36 7,680 a------- c:\windows\system32\kbd106n.dll
2009-08-03 10:23 145,920 a------- c:\windows\apppatch\apppatch64\iebrshim.dll
2009-08-03 10:23 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-08-03 10:21 675,152 a------- c:\windows\system32\gpprefcl.dll
2009-08-03 10:02 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-03 00:25 2,048 a------- c:\windows\system32\msxml3r.dll
2009-08-03 00:23 623,616 a------- c:\windows\system32\localspl.dll
2009-08-03 00:22 677,376 a------- c:\windows\system32\rpcrt4.dll
2009-08-03 00:20 37,888 a------- c:\windows\system32\printcom.dll
2009-08-03 00:11 2,048 a------- c:\windows\system32\msxml6r.dll
2009-08-03 00:06 84,480 a------- c:\windows\system32\INETRES.dll
2009-08-02 23:55 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-02 23:55 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-02 23:55 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-02 23:55 23,552 a------- c:\windows\system32\lpk.dll
2009-08-02 23:55 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-02 23:55 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-02 23:53 72,704 a------- c:\windows\system32\admparse.dll
2009-08-02 23:53 48,128 a------- c:\windows\system32\mshtmler.dll
2009-08-02 23:14 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-02 23:14 162,064 a------- c:\windows\system32\wuwebv.dll
2009-08-02 23:14 31,232 a------- c:\windows\system32\wuapp.exe
2009-08-02 22:19 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-08-02 22:19 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-20 23:52 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-20 23:52 348,160 a------- c:\windows\system32\msvcr71.dll
2006-11-02 08:14 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:14 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:14 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:14 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:52 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:52 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:52 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:52 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:55:57.60 ===============
Running processes:
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-M883O.exe" /REG
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
DDS (Ver_09-10-13.01)

Microsoft® Windows Vista Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/2/2009 5:26:50 PM
System Uptime: 10/18/2009 3:19:04 AM (8 hours ago)

Motherboard: ASUSTeK Computer INC. | | Crosshair III Formula
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3600/200mhz


----------



## miller330i (Oct 18, 2009)

Just wanted to get all the logs in. If you need any more info, please ask. I just had this thing running like I wanted it. Last time I do a risky favor for someone! Jeff


----------



## miller330i (Oct 18, 2009)

With Webroot and a couple of other programs I have killed off most of the viruses and trojans, but I still have an adware problem. Please look at the log and tell me what to do! Thanks! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,

Welcome to TSG.

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from *Here*

Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Next*

Download *OTL* to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.

*So when you return, please post:*
MBAM log
the two OTL logs - OTL.txt and Extras.txt

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/22/2009 4:20:05 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.15% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 155.83 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
OTL Extras logfile created on: 10/22/2009 4:20:05 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.15% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 155.83 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
Malwarebytes' Anti-Malware 1.41
Database version: 3013
Windows 6.0.6002 Service Pack 2

10/22/2009 3:58:35 PM
mbam-log-2009-10-22 (15-58-35).txt

Scan type: Quick Scan
Objects scanned: 85472
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## emeraldnzl (Nov 3, 2007)

Hello 

Unless I am missing something, that OTL log got cut off right at the start.

Please post the rest and the Extras log too if you have it.


----------



## miller330i (Oct 18, 2009)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/09/23 11:09:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\505games
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/09/23 13:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImageConverter Plus
[2009/09/23 12:52:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/09/23 12:52:37 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/23 12:52:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/09/23 13:46:35 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2009/09/23 13:46:34 | 00,180,224 | ---- | C] (fCoder Group International) -- C:\Windows\SysWow64\cnvshell.dll
[2009/09/23 13:46:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Image Converter Plus
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/22 19:05:50 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/22 19:05:50 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/22 19:05:50 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/22 18:59:34 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 18:59:26 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/22 18:59:18 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/22 18:59:18 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/22 18:59:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/22 18:59:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/22 18:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/22 14:05:49 | 05,305,898 | -H-- | M] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/21 11:13:28 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/20 23:16:49 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/09/23 12:11:33 | 00,018,052 | ---- | M] () -- C:\Program Files (x86)\unins000.dat
[2009/09/23 12:11:28 | 00,704,282 | ---- | M] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 05:55:23 | 00,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

========== Files - No Company Name ==========
[2009/10/22 14:05:49 | 05,305,898 | -H-- | C] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 09:27:07 | 00,016,384 | ---- | C] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2009/10/19 00:28:44 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming
[2009/08/06 20:00:07 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Ahead
[2009/10/17 08:55:20 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/08/03 07:49:43 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ATI
[2009/10/07 20:09:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/08/09 09:55:53 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DAEMON Tools Lite
[2009/08/05 09:54:51 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Download Manager
[2009/08/07 19:11:21 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DzSoft
[2009/10/16 10:26:09 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/09/23 11:36:52 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IGN_DLM
[2009/08/03 15:46:02 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IObit
[2006/11/02 08:06:33 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Media Center Programs
[2009/08/12 13:34:34 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\NewSoft
[2009/08/09 08:42:28 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\RegRun
[2009/08/02 22:33:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ScanSoft
[2009/08/06 08:28:22 | 00,000,000 | RH-D | M] -- C:\Users\Desktop\AppData\Roaming\SecuROM
[2009/09/10 08:30:29 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\teamspeak2
[2009/10/22 19:07:25 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\uTorrent
[2009/08/09 18:28:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\VistaCodecs
[2009/08/09 23:15:35 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Vso
[2009/09/22 10:04:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Wargaming.Net
[2009/10/22 18:59:34 | 00,000,894 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 18:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/22 18:59:16 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/22 18:58:13 | 00,018,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
------------------------------------------------------------------------


----------



## miller330i (Oct 18, 2009)

Malwarebytes' Anti-Malware 1.41
Database version: 3013
Windows 6.0.6002 Service Pack 2

10/22/2009 7:12:26 PM
mbam-log-2009-10-22 (19-12-26).txt

Scan type: Quick Scan
Objects scanned: 84876
Time elapsed: 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
OTL logfile created on: 10/22/2009 7:14:18 PM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Desktop\Desktop\icons
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.67% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 155.92 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\icons\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\sysWOW64\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (KeyIso [On_Demand | Stopped]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:64bit: - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:64bit: - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV:64bit: - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:64bit: - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:64bit: - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:64bit: - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/22 08:02:46 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/19 18:25:46 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml


----------



## miller330i (Oct 18, 2009)

O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWow64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWow64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWow64\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found


----------



## emeraldnzl (Nov 3, 2007)

Hello again miller330i,

Question: Did you choose to use *Sky Web Search* as your default browser? Tell me when you come back.

*Meantime*

It is a pretty big download at 28 MB, but it is very useful at detecting\cleaning rootkits or whatever it finds.

Please click *here* to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into Safe Mode.
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit *Enter*._
Double-click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder. Click Next.
Hit OK at the prompt for scanning in Safe Mode.
It will then open a box. There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked:


- System Memory
- Startup Objects
- Disk Boot Sectors
- My Computer
- Also any other drives (Removable that you may have)

After that, click on *Security level*, then choose *Customize*, then click on the tab that says *Heuristic Analyzer*, then choose *Enable Deep rootkit search*, then choose *OK*.
Then choose OK again, and you are back to the main screen.


Then click on Scan at the top right-hand corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized, then click the button that says Neutralize all.
If it says it cannot be Neutralized, then choose the delete option when prompted.
After that is done, click on the reports button at the bottom and save it to file; name it *Kas*.
Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under *Detected*. Post those results in your next reply.

*Note: This tool will self-uninstall when you close it, so please save the log before closing it.*


----------



## miller330i (Oct 18, 2009)

*Sky Web Search* I have no idea what that is, it just opens to Yahoo mail when I click on Explorer. I also use Firefox. When Firefox opens, it is just blank. The homepage for Explorer is Yahoo and it says so in the tools section. Downloading what you recommended now and also doing a Panda scan. At 26% it is showing 5 infected files. When I run the others nothing shows up. Thanks for the help! How do I get rid of SKY WEB SEARCH? Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

> How do i get rid of SKY WEB SEARCH? Jeffrey


We will deal with that after the Kaspersky AVP scan.

> also doing a Panda scan


Let's just carry out the things I have told you. Other things can get in the way and mislead us. Having said that you may as well post the results.

Go on with the Kaspersky one though. It is better designed for your machine.


----------



## miller330i (Oct 18, 2009)

Scan
----
Scanned: 3733687
Detected: 16
Untreated: 0
Start time: 10/22/2009 10:06:26 PM
Duration: 09:53:46
Finish time: 10/23/2009 8:00:12 AM


Detected
--------
Status Object
------ ------
deleted: Trojan program Packed.Win32.Black.a File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0BB51A05-ADA5-78A3-EEBF-22F9ABE5B8BF}-keymaker.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{10A5CE66-BDBF-1246-4F33-C99B3A7C9AAA}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1CD4ACB7-3F1C-7F0B-7CC0-846423BEBE1C}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{237D92F5-3BA5-B805-8AC9-2E56D7EC9968}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2D0498E8-0038-DE76-1EE6-15717366B211}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2FC2514E-79F9-E95E-E309-CF7EC6A854CD}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{34C15DE0-CA4A-E5AF-F753-164D5625D67D}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{62A2B143-C1D6-50BA-8193-6BDC8FD3D860}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6FBF14CE-90F8-246E-1C1F-C9271F26EAEC}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{810C4545-D94C-3E63-6EE3-D232E131D061}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{99DE39A1-3B3B-BA43-0B74-2862D1C17BD3}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{EBE97D09-08A7-FBFB-39CC-C6532239686B}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{EC619B8C-DFF1-6762-0BDE-1430B65E5B6C}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{EE004E8D-8656-E4A3-5ED0-E5C817F8A0CC}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Packed.Win32.Krap.ag File: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F95D12D2-5609-56CB-D0E3-227EB89804B2}-msa.exe//PE-Crypt.XorPE
deleted: Trojan program Trojan.Win32.Buzus.ccdm File: E:\cod\CompanyOfHeroesv2.600ANDCompanyOfHeroesOpposingFrontsv2.600ANDCompanYOfHeroesTalesOfValorv2.600Trainer.zip/Company of Heroes Promo Trainer.exe


Events
------
Time Name Status Reason
---- ---- ------ ------


----------



## miller330i (Oct 18, 2009)

10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\credui.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\credui.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\SHELL32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\SHELL32.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\RESUTILS.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\RESUTILS.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\USERENV.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\USERENV.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\VERSION.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\VERSION.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\bcrypt.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\bcrypt.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\ktmw32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\ktmw32.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\msscntrs.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\msscntrs.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\perfdisk.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\perfdisk.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\perfnet.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\perfnet.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\perfos.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\perfos.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\perfproc.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\perfproc.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\pacerprf.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\pacerprf.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\TRAFFIC.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\TRAFFIC.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\IPHLPAPI.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\IPHLPAPI.DLL ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\dhcpcsvc.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\dhcpcsvc.DLL ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\WINNSI.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\WINNSI.DLL ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\dhcpcsvc6.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\dhcpcsvc6.DLL ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\rasctrs.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\rasctrs.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\rasman.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\rasman.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\winspool.drv ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\winspool.drv ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\tapiperf.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\tapiperf.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\Perfctrs.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\Perfctrs.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\perfts.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\perfts.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\WINSTA.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\WINSTA.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\UTILDLL.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\UTILDLL.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\SETUPAPI.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\SETUPAPI.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\usbperf.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\usbperf.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\tquery.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\tquery.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\PROPSYS.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\PROPSYS.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\WINTRUST.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\WINTRUST.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\CRYPT32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\MSASN1.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\MSASN1.dll ok scanned
10/22/2009 10:06:35 PM Running module: WmiPrvSE.exe\imagehlp.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\imagehlp.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\AAWWSC.exe ok scanned
10/22/2009 10:06:35 PM File: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\ntdll.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\SysWOW64\ntdll.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\kernel32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\kernel32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\SHELL32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\SHELL32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\msvcrt.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\msvcrt.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\GDI32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\GDI32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\USER32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\USER32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\ADVAPI32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\ADVAPI32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\RPCRT4.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\RPCRT4.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\Secur32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\Secur32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\SHLWAPI.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\SHLWAPI.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\ole32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\ole32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\MSVCP90.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCP90.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\MSVCR90.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCR90.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\PSAPI.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\PSAPI.DLL ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\OLEAUT32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\OLEAUT32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\IMM32.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\system32\IMM32.DLL ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\MSCTF.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\MSCTF.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\LPK.DLL ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\LPK.DLL ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\USP10.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\USP10.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\comctl32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\Resources.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWWSC.exe\WSCUpdate.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Program Files (x86)\Lavasoft\Ad-Aware\WSCUpdate.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWTray.exe\AAWTray.exe ok scanned
10/22/2009 10:06:35 PM File: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ok scanned
10/22/2009 10:06:35 PM Running module: AAWTray.exe\ntdll.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\SysWOW64\ntdll.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWTray.exe\kernel32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\kernel32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWTray.exe\USER32.dll ok scanned
10/22/2009 10:06:35 PM File: C:\Windows\syswow64\USER32.dll ok scanned
10/22/2009 10:06:35 PM Running module: AAWTray.exe\GDI32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\GDI32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\ADVAPI32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\ADVAPI32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\RPCRT4.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\RPCRT4.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\Secur32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\Secur32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\SHELL32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\SHELL32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\msvcrt.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\msvcrt.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\SHLWAPI.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\SHLWAPI.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\MSVCP90.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCP90.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\MSVCR90.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCR90.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\PSAPI.DLL ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\PSAPI.DLL ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\IMM32.DLL ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\system32\IMM32.DLL ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\MSCTF.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\MSCTF.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\LPK.DLL ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\LPK.DLL ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\USP10.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\USP10.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\comctl32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\Resources.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\ole32.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\syswow64\ole32.dll ok scanned
10/22/2009 10:06:36 PM Running module: AAWTray.exe\USERENV.dll ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\system32\USERENV.dll ok scanned
10/22/2009 10:06:36 PM File: c:\windows\system32\cmd.exe ok scanned
10/22/2009 10:06:36 PM File: c:\windows\syswow64\mshta.exe ok scanned
10/22/2009 10:06:36 PM File: c:\windows\system32\notepad.exe ok scanned
10/22/2009 10:06:36 PM File: c:\windows\regedit.exe ok scanned
10/22/2009 10:06:36 PM File: C:\Windows\regedit.exe ok scanned
10/22/2009 10:06:36 PM File: c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrobat.exe ok scanned
10/22/2009 10:06:36 PM File: c:\program files (x86)\adobe\adobe premiere pro cs4\adobe premiere pro.exe ok scanned
10/22/2009 10:06:36 PM File: c:\program files (x86)\windows media player\wmplayer.exe ok scanned
10/22/2009 10:06:36 PM File: c:\program files (x86)\adobe\adobe media encoder cs4\adobe media encoder.exe ok scanned
10/22/2009 10:06:37 PM File: c:\windows\system32\rundll32.exe ok scanned
10/22/2009 10:06:37 PM File: c:\windows\system32\cryptext.dll ok scanned
10/22/2009 10:06:37 PM File: C:\Windows\system32\cryptext.dll ok scanned
10/22/2009 10:06:37 PM File: c:\program files (x86)\windows mail\wab.exe ok scanned
10/22/2009 10:06:37 PM File: c:\program files (x86)\creative\mediasource5\ctcmsu.exe//# ok scanned
10/22/2009 10:06:37 PM File: c:\program files (x86)\creative\mediasource5\ctcmsu.exe ok scanned
10/22/2009 10:06:38 PM File: c:\program files (x86)\adobe\adobe contribute cs4\contribute.exe ok scanned
10/22/2009 10:06:38 PM File: c:\program files (x86)\vso\convertx\3\convertxtodvd.exe ok scanned
10/22/2009 10:06:38 PM File: c:\progra~2\damnnf~1\damnnf~1.exe packed file ASPack 
10/22/2009 10:06:39 PM File: c:\progra~2\damnnf~1\damnnf~1.exe//ASPack ok scanned
10/22/2009 10:06:39 PM File: c:\progra~2\damnnf~1\damnnf~1.exe ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe packed file PE_Patch.PECompact 
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe//PE_Patch.PECompact packed file PecBundle 
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe//PE_Patch.PECompact//PecBundle packed file PECompact 
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe//PE_Patch.PECompact//PecBundle//PECompact ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe//PE_Patch.PECompact//PecBundle ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe//PE_Patch.PECompact ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\divx\divx player\divx player.exe ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\download manager\dlm.exe ok scanned
10/22/2009 10:06:39 PM File: c:\windows\system32\mspaint.exe ok scanned
10/22/2009 10:06:39 PM File: c:\windows\explorer.exe ok scanned
10/22/2009 10:06:39 PM File: c:\windows\system32\fontview.exe ok scanned
10/22/2009 10:06:39 PM File: c:\program files (x86)\internet explorer\iexplore.exe ok scanned
10/22/2009 10:06:39 PM File: c:\windows\winhlp32.exe ok scanned
10/22/2009 10:06:40 PM File: c:\program files (x86)\windows photo gallery\photoviewer.dll ok scanned
10/22/2009 10:06:40 PM File: c:\program files (x86)\java\jre6\bin\javaw.exe ok scanned
10/22/2009 10:06:40 PM File: c:\program files (x86)\java\jre6\bin\javaws.exe ok scanned
10/22/2009 10:06:40 PM File: c:\windows\system32\wscript.exe ok scanned
10/22/2009 10:06:40 PM File: c:\program files (x86)\adobe\adobe utilities\extendscript toolkit cs4\extendscript toolkit.exe ok scanned
10/22/2009 10:06:41 PM File: c:\program files (x86)\mediamonkey\mediamonkey.exe ok scanned
10/22/2009 10:06:42 PM File: c:\program files (x86)\adobe\adobe after effects cs4\mocha\bin\mocha for after effects.exe ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\mmc.exe ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\msinfo32.exe ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\shell32.dll ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\desk.cpl ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\rasphone.exe ok scanned
10/22/2009 10:06:42 PM File: c:\windows\system32\perfmon.msc ok scanned
10/22/2009 10:06:44 PM File: c:\program files\adobe\adobe photoshop cs4 (64 bit)\photoshop.exe ok scanned
10/22/2009 10:06:44 PM File: c:\windows\system32\msrating.dll ok scanned
10/22/2009 10:06:44 PM File: C:\Windows\system32\rundll32.exe ok scanned
10/22/2009 10:06:44 PM File: C:\Windows\system32\msrating.dll ok scanned
10/22/2009 10:06:44 PM File: c:\program files (x86)\windows nt\accessories\wordpad.exe ok scanned
10/22/2009 10:06:44 PM File: c:\windows\syswow64\notepad.exe ok scanned
10/22/2009 10:06:44 PM File: c:\program files (x86)\spybot - search & destroy\blindman.exe ok scanned
10/22/2009 10:06:45 PM File: c:\program files (x86)\spybot - search & destroy\spybotsd.exe ok scanned
10/22/2009 10:06:45 PM File: c:\windows\system32\wpnpinst.exe ok scanned
10/22/2009 10:06:46 PM File: c:\progra~2\winzip\winzip32.exe ok scanned
10/22/2009 10:06:46 PM File: c:\progra~2\micros~1\office11\wordview.exe ok scanned
10/22/2009 10:06:46 PM File: c:\windows\system32\eventvwr.exe ok scanned
10/22/2009 10:06:47 PM File: c:\windows\system32\migwiz\migwiz.exe ok scanned
10/22/2009 10:06:47 PM File: c:\windows\system32\sdclt.exe ok scanned
10/22/2009 10:06:47 PM File: c:\program files\7-zip\7zfm.exe ok scanned
10/22/2009 10:06:48 PM File: c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe ok scanned
10/22/2009 10:06:48 PM File: C:\Windows\system32\shell32.dll ok scanned
10/22/2009 10:06:48 PM File: C:\Windows\explorer.exe ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\userinit.exe ok scanned
10/22/2009 10:06:48 PM File: c:\program files\microsoft security essentials\msseces.exe ok scanned
10/22/2009 10:06:48 PM File: c:\program files (x86)\windows sidebar\sidebar.exe ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\oobefldr.dll ok scanned
10/22/2009 10:06:48 PM File: C:\Windows\system32\oobefldr.dll ok scanned
10/22/2009 10:06:48 PM File: c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\aelupsvc.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\appinfo.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\appmgmts.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\audiosrv.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\bfe.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\browser.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\certprop.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\cryptsvc.dll ok scanned
10/22/2009 10:06:48 PM File: c:\windows\system32\cscsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\dhcpcsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\dnsrslvr.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\dot3svc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\ehome\ehstart.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\emdmgmt.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\es.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\fdphost.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\fdrespub.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\hidserv.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\ikeext.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\ipbusenum.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\iphlpsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\msdtckrm.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\srvsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\wkssvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\lltdsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\lmhsvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\mcx2svc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\mmcss.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\mpssvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\iscsiexe.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\netman.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\netprofm.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\nlasvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\nsisvc.dll ok scanned
10/22/2009 10:06:49 PM File: c:\windows\system32\pcasvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\pla.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\umpnpmgr.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\p2psvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\ipsecsvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\profsvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\qwave.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\rasauto.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\rasmans.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\mprdim.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\regsvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\scardsvr.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\schedsvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\seclogon.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\sens.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\sessenv.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\ipnathlp.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\shsvcs.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\sluinotify.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\ssdpsrv.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\sstpsvc.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\swprv.dll ok scanned
10/22/2009 10:06:50 PM File: c:\windows\system32\sysmain.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\tabsvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\tapisrv.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\termsrv.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\umrdp.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\upnphost.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\uxsms.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\w32time.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wcncsvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wcspluginservice.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\webclnt.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wecsvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wercplsupport.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\winhttp.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wbem\wmisvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wsmsvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wlansvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wpdbusenum.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wscsvc.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wuaueng.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\wudfsvc.dll ok scanned
10/22/2009 10:06:51 PM File: C:\Windows\system32\winhttp.dll ok scanned
10/22/2009 10:06:51 PM File: c:\windows\system32\drivers\acpi.sys ok scanned
10/22/2009 10:06:52 PM File: c:\windows\system32\drivers\adihdaud.sys ok scanned
10/22/2009 10:06:52 PM File: c:\windows\system32\drivers\adp94xx.sys ok scanned


----------



## miller330i (Oct 18, 2009)

\parport.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\partmgr.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\pci.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\pciide.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\pcmcia.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\pcouffin.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\peauth.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\syswow64\perfhost.exe ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\raspptp.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\processr.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\pacer.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\ql2300.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\ql40xx.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\qwavedrv.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rasacd.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rasl2tp.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\raspppoe.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rassstp.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rdbss.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rdpcdd.sys ok scanned
10/22/2009 10:06:58 PM File: c:\windows\system32\drivers\rdpdr.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\rdpencdd.sys ok scanned
10/22/2009 10:06:59 PM File: c:\program files (x86)\rivatuner v2.24\rivatuner64.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\locator.exe ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\rspndr.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\rtlh64.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sbp2port.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\sdrsvc.dll ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\serenum.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\serial.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sermouse.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sffdisk.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sffp_mmc.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sffp_sd.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sfloppy.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sisraid2.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sisraid4.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\slsvc.exe ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\smb.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\snmptrap.exe ok scanned
10/22/2009 10:06:59 PM File: c:\program files (x86)\common files\creative labs shared\service\xmblicensing.exe ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\spoolsv.exe ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\sptd.sys skipped locked
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\srv.sys ok scanned
10/22/2009 10:06:59 PM File: c:\windows\system32\drivers\srv2.sys ok scanned
10/22/2009 10:07:00 PM File: c:\windows\system32\drivers\srvnet.sys ok scanned
10/22/2009 10:07:00 PM File: c:\windows\system32\drivers\swenum.sys ok scanned
10/22/2009 10:07:00 PM File: c:\windows\system32\drivers\symc8xx.sys ok scanned
10/22/2009 10:07:00 PM File: c:\windows\system32\drivers\sym_hi.sys ok scanned
10/22/2009 10:07:04 PM File: C:\Windows\system32\drivers\sptd.sys skipped locked


Statistics
----------
| Object | Scanned | Detected | Untreated | Deleted | Moved to Quarantine | Archives | Packed files | Password protected | Corrupted |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| All objects | 1042 | 0 | 0 | 0 | 0 | 0 | 4 | 0 | 0 |
| System memory | 615 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Startup objects | 427 | 0 | 0 | 0 | 0 | 0 | 4 | 0 | 0 |
| Disk boot sectors | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Documents | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Mail databases | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Computer | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Local Disk (C:) | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |


Settings
--------
| Parameter | Value |
| --- | --- |
| Security Level | Recommended |
| Action | Prompt for action when the scan is complete |
| Run mode | Manually |
| File types | Scan all files |
| Scan only new and changed files | No |
| Scan archives | All |
| Scan embedded OLE objects | All |
| Skip if object is larger than | No |
| Skip if scan takes longer than | No |
| Parse email formats | No |
| Scan password-protected archives | No |
| Enable iChecker technology | No |
| Enable iSwift technology | No |
| Show detected threats on "Detected" tab | Yes |
| Rootkits search | Yes |
| Deep rootkits search | No |
| Use heuristic analyzer | Yes |


----------



## emeraldnzl (Nov 3, 2007)

Hello again miller330i,


Close all windows and open *OTL* again. 
Click *Run Scan* and let the program run uninterrupted.
It will produce a log for you. Post the log here.


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/23/2009 4:10:49 PM - Run 4
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.16 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:*64bit:* - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:*64bit:* - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:*64bit:* - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:*64bit:* - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:*64bit:* - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (utm3mzg3 [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\utm3mzg3.sys ()
DRV:*64bit:* - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:*64bit:* - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:*64bit:* - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:*64bit:* - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:*64bit:* - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:*64bit:* - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:*64bit:* - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:*64bit:* - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:*64bit:* - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:*64bit:* - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:*64bit:* - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:*64bit:* - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:*64bit:* - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:*64bit:* - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:*64bit:* - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:*64bit:* - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/23/2009 4:10:49 PM - Run 4
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.16 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:*64bit:* - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:*64bit:* - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:*64bit:* - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:*64bit:* - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:*64bit:* - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (utm3mzg3 [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\utm3mzg3.sys ()
DRV:*64bit:* - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:*64bit:* - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:*64bit:* - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:*64bit:* - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:*64bit:* - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:*64bit:* - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:*64bit:* - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:*64bit:* - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:*64bit:* - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:*64bit:* - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:*64bit:* - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:*64bit:* - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:*64bit:* - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:*64bit:* - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:*64bit:* - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:*64bit:* - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


----------



## miller330i (Oct 18, 2009)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk = C:\Users\Desktop\Desktop\Virus Removal Tool\is-US5VG\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWow64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWow64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)


----------



## miller330i (Oct 18, 2009)

O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:*64bit:* - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWow64\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
*64bit:* O35 - comfile [open] -- "%1" %* File not found
*64bit:* O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/22 21:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\is-US5VG
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/22 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/23 16:01:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 21:49:19 | 00,200,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysWow64\drivers\34972332.sys
[2009/10/22 21:49:19 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Virus Removal Tool
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys


----------



## miller330i (Oct 18, 2009)

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 16:02:01 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/23 15:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 15:35:00 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 14:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 14:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 12:48:48 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/23 12:48:48 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/23 12:48:48 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/23 12:40:39 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/23 12:40:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/23 12:40:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/23 12:28:33 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/22 23:15:45 | 00,038,400 | ---- | M] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | M] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | M] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | M] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:25 | 00,034,304 | ---- | M] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 23:11:28 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/22 22:05:49 | 00,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/22 23:15:45 | 00,038,400 | ---- | C] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | C] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | C] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | C] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:24 | 00,034,304 | ---- | C] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 22:05:49 | 00,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 09:27:07 | 00,016,384 | ---- | C] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2009/10/19 00:28:44 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming
[2009/08/06 20:00:07 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Ahead
[2009/10/17 08:55:20 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/08/03 07:49:43 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ATI
[2009/10/07 20:09:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/08/09 09:55:53 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DAEMON Tools Lite
[2009/08/05 09:54:51 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Download Manager
[2009/08/07 19:11:21 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DzSoft
[2009/10/16 10:26:09 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/09/23 11:36:52 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IGN_DLM
[2009/08/03 15:46:02 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IObit
[2006/11/02 08:06:33 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Media Center Programs
[2009/08/12 13:34:34 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\NewSoft
[2009/08/09 08:42:28 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\RegRun
[2009/08/02 22:33:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ScanSoft
[2009/08/06 08:28:22 | 00,000,000 | RH-D | M] -- C:\Users\Desktop\AppData\Roaming\SecuROM
[2009/09/10 08:30:29 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\teamspeak2
[2009/10/22 19:07:25 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\uTorrent
[2009/08/09 18:28:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\VistaCodecs
[2009/08/09 23:15:35 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Vso
[2009/09/22 10:04:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Wargaming.Net
[2009/10/23 15:35:00 | 00,000,894 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 15:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 12:40:29 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/22 22:03:28 | 00,019,420 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,

Please disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from working.
Please disable TeaTimer for now. TeaTimer can be re-activated once we have finished cleaning your machine.

Open Spybot Search & Destroy.
In the Mode menu click "*Advanced mode*" if not already selected.
Choose "*Yes*" at the Warning prompt.
Expand the "*Tools*" menu.
Click "*Resident*".
Uncheck the "*Resident "TeaTimer" (Protection of overall system settings) active.*" box.
In the File menu click "*Exit*" to exit Spybot Search & Destroy.
Reboot your computer.

*Step 2*

*How to turn Windows Defender on or off*

1. Open *Windows Defender* by clicking the *Start* button, clicking *All Programs*, and then clicking *Windows Defender*.

2. Click *Tools*, and then click *Options*.

3. Under Administrator options, select or clear the *Use Windows Defender* check box, and then click *Save*.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

If those instructions are not appropriate for your version of Windows, go to this link for instructions on how to enable/disable Windows Defender:

http://windowshelp.microsoft.com/Windows/en-US/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1033.mspx

*Now*

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:processes

:OTL
FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)

:Services

:Reg

:Files
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, reboot when it is done.
It will produce a log for you on reboot, please post that log in your next reply.

*Next*

Please run a free online scan with the *ESET Online Scanner*
*Note: You will need to use Internet Explorer for this scan*
Tick the box next to *YES, I accept the Terms of Use*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the options *Remove found threats* and *Scan unwanted applications* are checked
Click *Scan* (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt*
Copy and paste that log as a reply to this topic
*So when you return please post*
OTL fix log
Eset scan results


----------



## miller330i (Oct 18, 2009)

OTL Extras logfile created on: 10/23/2009 7:30:02 PM - Run 5
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 47.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.14 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.DLL (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E6 FF 13 44 88 14 CA 01 [binary data]
"VistaSp2" = A9 2A 8B 0D 8C 14 CA 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1


----------



## miller330i (Oct 18, 2009)

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09748B8F-26C9-4268-92E9-35BE33AF3044}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2334317D-D528-4568-8C23-343EE8E7B2C9}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{3E58BD70-B61A-4AD5-9320-DAF56D6F12ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{47722031-9846-4F8C-A406-FA4D24DAC35A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B78BE52-2A59-4C73-A5D9-F118B1A5B2CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58BA6704-E600-4D52-A75B-5A92291013F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5A435A10-F92C-4F57-BB1D-2DFCA6DB15C7}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{66BF2411-C284-48FB-AFF8-E9F49A48E9E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F147C7A-EF0C-4A0D-8E50-041A7D8AEA05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{758AC075-E538-43B5-A8A0-ABE75D41F6CA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7809BD24-A907-417D-AF20-BB84044A96A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{7DC87543-0A6A-469F-AA55-8D141C462393}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7EACDB09-8289-4171-8623-F0D8F3700999}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{87EA6957-08C5-4235-9E03-891F161CA5D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A599463B-28C8-45ED-9A6E-AD91108AB607}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A6A9E4AC-B78C-4BE1-B673-26B2B22B35B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AD95E2DA-683F-4A01-BCA2-900D25966741}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B0795E3B-B712-4040-BEE0-85ED8FE14304}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C8605B3E-14E9-4CF1-84C2-1EE5ED797DA6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{D3FD7F1E-4516-40F2-B77E-0A4451353A72}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4C7E0A3-665D-41A4-8DAB-336835E3E708}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EADF0E51-13E5-4F21-A0A1-4F42ADBBCA85}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{F8D62D61-5831-4991-829D-800140C331BD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03382DE7-CAF2-4117-9DDD-80CE5885AC2C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{09CD19F0-AB1B-4E08-9116-FF3746726492}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{0F9F8460-7593-4C93-A576-2500BBA16E4B}" = protocol=58 | dir=in | [email protected],-28545 | 
"{199D83D0-AE2A-479C-93BD-B9F836852568}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1DD6C9D9-A915-497D-A25F-B1B9D93FA16E}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{2DBC174A-2167-4AA1-BDCD-D518C14F3DD5}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"{3302345F-8EFE-404F-8462-7E459DCFACC9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{35C579FD-2AB2-4FF0-8D0B-998FE090F2EF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{3E997488-CE4F-4161-BD20-4DA9DE2D4BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{502D6675-35EE-49ED-89AD-0A35125F572D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{51D6766B-5D9A-4B51-9EBE-C244AE30DD07}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{55A3A6E9-5579-4C81-B5CA-8206AF882FF3}" = protocol=1 | dir=out | [email protected],-28544 | 
"{590CB188-7A67-4C7F-8326-256033F36A71}" = protocol=58 | dir=out | [email protected],-28546 | 
"{66474F59-8306-43D1-A30B-C0BA6AEACD3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | 
"{68124CD8-0D50-44FF-B88C-6B3660965989}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | 
"{6B9B57AB-E6E9-4EC2-831B-24348E462DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{7E9157AA-599E-4117-BEC8-FAF0C60DB749}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83B98A47-E5E0-4FEB-867B-E9A1470FAC98}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"{938358D8-D1FB-4905-9B0B-F273E3D0E8F8}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{9A68E73C-AB62-4510-8B63-185F8ECE18F7}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9F9E07B2-B2AE-4986-94E0-036CCB0FF9AB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{A51EE574-A61D-465F-846F-21326C367CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{AEC7B1C9-4C41-4867-9F0E-C1A20192C892}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{B4009947-B834-49F0-84E2-6706DF1C3A4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B943441E-D7CE-4991-A22B-F31B5BDC05FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C42EFB38-7EDC-4495-BB22-8503263D14CC}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{C46046D1-84F0-4CF3-BF5C-BD3C185E7A7E}" = protocol=1 | dir=in | [email protected],-28543 | 
"{CA3D664D-E7D9-4F35-AB64-E9287DDD40AA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DC4B4001-B096-40A6-BA8F-DCE05E4070F1}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{EA114F4E-C41F-4848-820F-CAC06B1EF6F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F052132A-2FAF-48F5-930B-5CD84F28252F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{F1218826-9D28-461A-A978-670B9B9FB7FD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{F26D4724-C123-4657-A59B-B275CACB5C04}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{FFAA5CE1-8590-4FBE-9AC2-C4E34878E9DB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{0405B8DA-BF66-4FD4-9220-1E72F522020A}C:\program files (x86)\thq\1company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\1company of heroes\reliccoh.exe | 
"TCP Query User{0C16A5CD-40EF-426E-826D-4307FDE13428}C:\program files (x86)\thq\1company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\1company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{1F902532-FF85-4DF1-9E51-45F2DDF01115}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{54B0BAFB-B703-4425-BADE-E1F22248F379}E:\games\company.of.heroes.tales.of.valor.fullrip-kaos\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\games\company.of.heroes.tales.of.valor.fullrip-kaos\relicdownloader\relicdownloader.exe | 
"TCP Query User{70CE9441-1187-4AA5-A0E4-CCD521790655}E:\games\company.of.heroes.tales.of.valor.fullrip-kaos\reliccoh.exe" = protocol=6 | dir=in | app=e:\games\company.of.heroes.tales.of.valor.fullrip-kaos\reliccoh.exe | 
"TCP Query User{8487473E-0681-4EAE-AC94-6A5A99E7CE89}C:\program files (x86)\square enix\order of war (demo)\oow_final.bin" = protocol=6 | dir=in | app=c:\program files (x86)\square enix\order of war (demo)\oow_final.bin | 
"TCP Query User{972BB5E9-02AF-477C-AF0B-0E16CF274A56}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{EFA80E47-E823-4ABC-9243-AB5978A3C84D}E:\games\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=e:\games\call of duty - world at war\codwawmp.exe | 
"UDP Query User{4925BF1A-4C98-490F-86EC-EB6E3C23A4D6}E:\games\company.of.heroes.tales.of.valor.fullrip-kaos\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\games\company.of.heroes.tales.of.valor.fullrip-kaos\relicdownloader\relicdownloader.exe | 
"UDP Query User{4E931B66-B3D5-4276-84C5-262BEE0A92B9}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{51610B32-369B-4599-B3F0-661EC23D2706}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{55D7EB18-8E29-45B5-BE19-4908D676009F}E:\games\company.of.heroes.tales.of.valor.fullrip-kaos\reliccoh.exe" = protocol=17 | dir=in | app=e:\games\company.of.heroes.tales.of.valor.fullrip-kaos\reliccoh.exe | 
"UDP Query User{748E0354-3AB2-46D7-8114-D2F4DAFDBFC0}C:\program files (x86)\thq\1company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\1company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{A5B8B9C1-A2CE-453E-8D02-EDB26C464366}C:\program files (x86)\thq\1company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\1company of heroes\reliccoh.exe | 
"UDP Query User{E5F9EBAD-57B7-4962-83C4-98258B6981F3}E:\games\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=e:\games\call of duty - world at war\codwawmp.exe | 
"UDP Query User{F3B9ABA5-212A-4ADC-ADD6-668728010208}C:\program files (x86)\square enix\order of war (demo)\oow_final.bin" = protocol=17 | dir=in | app=c:\program files (x86)\square enix\order of war (demo)\oow_final.bin |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials
"{5AC267EB-6FBC-D3DC-1C09-EF62556092FD}" = ccc-utility64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{07E1A8A8-EEE0-198D-9AB7-8CBE42A830F4}" = Catalyst Control Center Core Implementation
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.0" = Update 1.11.3.0 for "Men of War"
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186326B4-AF94-B714-7A5C-678524061EFD}" = CCC Help English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}" = Nero 8
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F5B0A0A-ACBA-1C8D-DD8C-AB20597DABE9}" = ccc-core-static
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot Internet Security Essentials
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A94E148-9C8B-4FE9-99DD-93072F99BE20}" = Sound Blaster X-Fi MB
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D1ACE56-38B1-1055-5926-EADFB056F2F2}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.4.158
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79FAE709-37BC-FBAD-53DB-6B8609231007}" = Catalyst Control Center Graphics Full Existing
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB445D0-CD91-47CC-B1A9-A654B4B261E4}" = AMD CPUInfo
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{922A36F5-6663-45C0-A515-B63C4E585195}" = TweakIt
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC67C580-EFEA-1B4C-F86C-C360C0593FE3}" = Catalyst Control Center Graphics Previews Vista
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D27DBCEF-7D01-C5DF-659E-F27A24AC2181}" = Catalyst Control Center Graphics Previews Common
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA52CFD6-183B-4C45-B36F-4A59750427CB}_is1" = Rise of Flight
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0DFA6F8-C275-823C-9A73-A1608D84E333}" = Catalyst Control Center Graphics Full New
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC4899D2-9915-4603-ABEE-8B15CACE2888}" = AMD LCD Keyboard Applet
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A06E47-FD0D-CCB2-CEDA-659131E90F3C}" = Catalyst Control Center Graphics Light
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FABB748F-B1AA-ECD0-11CC-28DCAEA2EAA5}" = Catalyst Control Center HydraVision Full
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.07 beta
"Absolute Uninstaller Pro_is1" = Absolute Uninstaller Pro v5.0.1.3
"ActiveScan 2.0" = Panda ActiveScan 2.0


----------



## miller330i (Oct 18, 2009)

"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"ALchemy X-FiMB" = Creative ALchemy (X-Fi MB Edition)
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.8
"AnyDVD" = AnyDVD
"ArmA 2" = ArmA 2 Uninstall
"Automatch test for "Men of War"_is1" = Automatch test 1.12.3 for "Men of War"
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"CSCLIB" = Canon Camera Support Core Library
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.9
"DPP" = Canon Utilities Digital Photo Professional 2.1
"DzSoftWebPhotoResizer_is1" = Quick Photo Resizer 2.6.2
"eCalc Calculator" = eCalc Calculator
"EndItAll_is1" = EndItAll 2.0
"EOS Utility" = Canon Utilities EOS Utility
"FastStone Photo Resizer" = FastStone Photo Resizer 2.8
"Google Chrome" = Google Chrome
"Halo 2" = Halo 2 for Windows Vista
"Hearts of Iron III Sprite Packs" = Hearts of Iron III Sprite Packs
"HijackThis" = HijackThis 2.0.2
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.6 Beta Test Version
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RivaTuner" = RivaTuner v2.24
"Smart Defrag_is1" = Smart Defrag 1.20
"StarBurn_is1" = StarBurn Version 12r8 (Build 0x20090731)
"System Recon 2.1" = System Recon 2.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"uTorrent" = µTorrent
"Visual Business Cards 4_is1" = Visual Business Cards 4
"VLC media player" = VLC media player 1.0.2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2009 3:28:44 PM | Computer Name = Desktop1 | Source = EventSystem | ID = 4609
Description =

Error - 10/23/2009 3:28:48 PM | Computer Name = Desktop1 | Source = PerfNet | ID = 2004
Description =

Error - 10/23/2009 3:29:00 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line 
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/23/2009 3:29:04 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/23/2009 3:29:04 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/23/2009 3:30:51 PM | Computer Name = Desktop1 | Source = PerfNet | ID = 2004
Description =

Error - 10/23/2009 3:36:51 PM | Computer Name = Desktop1 | Source = PerfNet | ID = 2004
Description =

Error - 10/23/2009 3:40:53 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line 
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/23/2009 3:41:07 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/23/2009 3:41:07 PM | Computer Name = Desktop1 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ Media Center Events ]
Error - 8/15/2009 3:34:56 AM | Computer Name = Desktop1 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/12/2009 3:33:10 PM | Computer Name = Desktop1 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/23/2009 1:05:15 AM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 1:05:15 AM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:28:37 PM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:28:42 PM | Computer Name = Desktop1 | Source = Service Control Manager | ID = 7001
Description =

Error - 10/23/2009 3:28:42 PM | Computer Name = Desktop1 | Source = Service Control Manager | ID = 7026
Description =

Error - 10/23/2009 3:28:44 PM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:28:47 PM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:28:50 PM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:28:50 PM | Computer Name = Desktop1 | Source = DCOM | ID = 10005
Description =

Error - 10/23/2009 3:40:43 PM | Computer Name = Desktop1 | Source = Service Control Manager | ID = 7026
Description =

< End of report >


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/23/2009 7:30:02 PM - Run 5
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 47.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.14 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:*64bit:* - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:*64bit:* - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:*64bit:* - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:*64bit:* - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:*64bit:* - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (utm3mzg3 [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\utm3mzg3.sys ()
DRV:*64bit:* - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:*64bit:* - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:*64bit:* - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:*64bit:* - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:*64bit:* - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:*64bit:* - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:*64bit:* - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:*64bit:* - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:*64bit:* - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:*64bit:* - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:*64bit:* - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:*64bit:* - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:*64bit:* - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:*64bit:* - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:*64bit:* - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:*64bit:* - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


----------



## miller330i (Oct 18, 2009)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk = C:\Users\Desktop\Desktop\Virus Removal Tool\is-US5VG\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:*64bit:* - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
*64bit:* O35 - comfile [open] -- "%1" %* File not found
*64bit:* O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/22 21:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\is-US5VG
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 16:47:24 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Adobe
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/22 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/23 16:01:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 21:49:19 | 00,200,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysWow64\drivers\34972332.sys
[2009/10/22 21:49:19 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Virus Removal Tool
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys


----------



## miller330i (Oct 18, 2009)

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 18:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 18:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 18:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 16:02:01 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/23 15:35:00 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 12:48:48 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/23 12:48:48 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/23 12:48:48 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/23 12:40:39 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/23 12:40:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/23 12:40:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/23 12:28:33 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/22 23:15:45 | 00,038,400 | ---- | M] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | M] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | M] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | M] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:25 | 00,034,304 | ---- | M] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 23:11:28 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/22 22:05:49 | 00,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/22 23:15:45 | 00,038,400 | ---- | C] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | C] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | C] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | C] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:24 | 00,034,304 | ---- | C] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 22:05:49 | 00,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 09:27:07 | 00,016,384 | ---- | C] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========


----------



## miller330i (Oct 18, 2009)

[2009/10/19 00:28:44 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming
[2009/08/06 20:00:07 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Ahead
[2009/10/17 08:55:20 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/08/03 07:49:43 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ATI
[2009/10/07 20:09:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/08/09 09:55:53 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DAEMON Tools Lite
[2009/08/05 09:54:51 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Download Manager
[2009/08/07 19:11:21 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DzSoft
[2009/10/16 10:26:09 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/09/23 11:36:52 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IGN_DLM
[2009/08/03 15:46:02 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\IObit
[2006/11/02 08:06:33 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Media Center Programs
[2009/08/12 13:34:34 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\NewSoft
[2009/08/09 08:42:28 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\RegRun
[2009/08/02 22:33:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\ScanSoft
[2009/08/06 08:28:22 | 00,000,000 | RH-D | M] -- C:\Users\Desktop\AppData\Roaming\SecuROM
[2009/09/10 08:30:29 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\teamspeak2
[2009/10/22 19:07:25 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\uTorrent
[2009/08/09 18:28:00 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\VistaCodecs
[2009/08/09 23:15:35 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Vso
[2009/09/22 10:04:39 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\Wargaming.Net
[2009/10/23 15:35:00 | 00,000,894 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 18:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 12:40:29 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/22 22:03:28 | 00,019,420 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job

========== Purity Check ==========

========== Custom Scans ==========

< Code: >

< --------- >

< rocesses >

< >

< :OTL >

< FF - prefs.js..browser.search.defaultenginename: "Sky Web Search" >

< FF - prefs.js..browser.search.selectedEngine: "Sky Web Search" >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKCU..\Run: [AdobeBridge] File not found >

< O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun >

< O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation) >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
[2009/09/03 15:01:18 | 00,016,384 | ---- | M] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Desktop\AppData\Local\*.tmp files]

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [resethosts] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,

Doesn't look like that OTL script ran.

Let's try again. Tell me if you are not sure about anything.

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following:


```
:processes

:OTL
FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)

:Services

:Reg

:Files
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered and reboot when it is done.
It will produce a log for you on reboot; please post that log in your next reply.


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/23/2009 9:01:32 PM - Run 6
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 43.25% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.06 Gb Free Space | 55.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.30 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:*64bit:* - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:*64bit:* - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:*64bit:* - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:*64bit:* - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:*64bit:* - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (utm3mzg3 [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\utm3mzg3.sys ()
DRV:*64bit:* - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:*64bit:* - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:*64bit:* - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:*64bit:* - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:*64bit:* - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:*64bit:* - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:*64bit:* - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:*64bit:* - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:*64bit:* - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:*64bit:* - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:*64bit:* - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:*64bit:* - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:*64bit:* - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:*64bit:* - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:*64bit:* - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:*64bit:* - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========


----------



## miller330i (Oct 18, 2009)

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk = C:\Users\Desktop\Desktop\Virus Removal Tool\is-US5VG\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:*64bit:* - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
*64bit:* O35 - comfile [open] -- "%1" %* File not found
*64bit:* O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/22 21:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\is-US5VG
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 16:47:24 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Adobe
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/23 19:37:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/22 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/23 16:01:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 21:49:19 | 00,200,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysWow64\drivers\34972332.sys
[2009/10/22 21:49:19 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Virus Removal Tool
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========


----------



## miller330i (Oct 18, 2009)

[2 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 20:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 20:40:25 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/23 20:35:01 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 16:02:01 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/23 15:35:00 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 12:48:48 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/23 12:48:48 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/23 12:48:48 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/23 12:40:39 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/23 12:40:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/23 12:40:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/23 12:28:33 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/22 23:15:45 | 00,038,400 | ---- | M] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | M] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | M] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | M] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:25 | 00,034,304 | ---- | M] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 23:11:28 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/22 22:05:49 | 00,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/22 23:15:45 | 00,038,400 | ---- | C] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | C] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | C] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | C] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:24 | 00,034,304 | ---- | C] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 22:05:49 | 00,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utm3mzg3.sys
[2009/10/22 21:51:09 | 00,001,803 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 09:27:07 | 00,016,384 | ---- | C] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Custom Scans ==========

< Code: >

< --------- >

< rocesses >

< >

< :OTL >

< FF - prefs.js..browser.search.defaultenginename: "Sky Web Search" >

< FF - prefs.js..browser.search.selectedEngine: "Sky Web Search" >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKCU..\Run: [AdobeBridge] File not found >

< O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun >

< O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation) >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
[2009/09/03 15:01:18 | 00,016,384 | ---- | M] () -- C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Desktop\AppData\Local\*.tmp files]

< >

< :Commands >

< [emptytemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


----------



## miller330i (Oct 18, 2009)

Eset is 50% done, 3 infected files so far. Thanks for the help!


----------



## emeraldnzl (Nov 3, 2007)

Well, we have a problem with the running of that script.

Let's leave it for now and wait for the Eset one.

After that, if still necessary, we will go through step by step with the instructions for the OTL script and see if we can manage to run it properly.


----------



## miller330i (Oct 18, 2009)

Maybe I am copying the wrong things. I don't know, as I haven't done this earlier. ESET is still running, about 75% done now. Still showing 3 errors (3 win32/autoit.gen). Thanks for the help! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

> Maybe I am copying the wrong things.


Could be that or any of a number of other reasons. Let's not worry now.

We will fix it in good time.

Night time where I am so this will be my last post to you for a few hours.

Look forward to the scan results when they come.


----------



## miller330i (Oct 18, 2009)

C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.Gen application deleted - quarantined
C:\ProgramData\VistaCodecs\{824A49A1-1AB1-4A00-91E5-C3B2C299366D}\Vista Codec Package.msi Win32/Packed.Autoit.Gen application deleted - quarantined
E:\Nero-8.3.13.0_all_update.exe Win32/Toolbar.AskSBar application deleted - quarantined


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,

*Download and scan with* *SUPERAntiSpyware* Free for Home Users

- Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
- Under "*Configuration and Preferences*", click the *Preferences* button.
- Click the *Scanning Control* tab.
- Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
  - _Close browsers before scanning._
  - _Scan for tracking cookies._
  - _Terminate memory threats before quarantining._
- Click the "*Close*" button to leave the control center screen.
- Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
- On the left, make sure you check *C:\Fixed Drive*.
- On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
- Click "*Next*" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
- Make sure everything has a checkmark next to it and click "*Next*".
- A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
- If asked if you want to reboot, click "*Yes*".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
  - _Click *Preferences*, then click the *Statistics/Logs* tab._
  - _Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
  - _If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
  - _Please copy and paste the Scan Log results in your next reply, also tell me how your machine is now._
- Click *Close* to exit the program.


----------



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/25/2009 at 00:14 AM
Application Version : 4.29.1004
Core Rules Database Version : 4188
Trace Rules Database Version: 2103
Scan type : Complete Scan
Total Scan Time : 04:39:28
Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 7296
Registry threats detected : 6
File items scanned : 1145198
File threats detected : 199
Trojan.Agent/Gen
HKLM\System\ControlSet002\Services\utm3mzg3
C:\WINDOWS\SYSTEM32\DRIVERS\UTM3MZG3.SYS
HKLM\System\ControlSet002\Enum\Root\LEGACY_utm3mzg3
HKLM\System\ControlSet004\Services\utm3mzg3
HKLM\System\ControlSet004\Enum\Root\LEGACY_utm3mzg3
HKLM\System\CurrentControlSet\Services\utm3mzg3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_utm3mzg3
C:\WINDOWS\SYSWOW64\DRIVERS\UTM3MZG3.SYS
Adware.Tracking Cookie
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected]****edhard[1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected]revolver[2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt


----------



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/25/2009 at 00:14 AM
Application Version : 4.29.1004
Core Rules Database Version : 4188
Trace Rules Database Version: 2103
Scan type : Complete Scan
Total Scan Time : 04:39:28
Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 7296
Registry threats detected : 6
File items scanned : 1145198
File threats detected : 199
Trojan.Agent/Gen
HKLM\System\ControlSet002\Services\utm3mzg3
C:\WINDOWS\SYSTEM32\DRIVERS\UTM3MZG3.SYS
HKLM\System\ControlSet002\Enum\Root\LEGACY_utm3mzg3
HKLM\System\ControlSet004\Services\utm3mzg3
HKLM\System\ControlSet004\Enum\Root\LEGACY_utm3mzg3
HKLM\System\CurrentControlSet\Services\utm3mzg3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_utm3mzg3
C:\WINDOWS\SYSWOW64\DRIVERS\UTM3MZG3.SYS
Adware.Tracking Cookie


----------



## emeraldnzl (Nov 3, 2007)

> after reboot and cleaning. I am running another scan now.


I take it that this scan is still to come?


----------



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/25/2009 at 03:46 AM
Application Version : 4.29.1004
Core Rules Database Version : 4189
Trace Rules Database Version: 2103
Scan type : Complete Scan
Total Scan Time : 01:44:17
Memory items scanned : 229
Memory threats detected : 0
Registry items scanned : 7294
Registry threats detected : 0
File items scanned : 314008
File threats detected : 18
Adware.Tracking Cookie


----------



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/25/2009 at 00:14 AM
Application Version : 4.29.1004
Core Rules Database Version : 4188
Trace Rules Database Version: 2103
Scan type : Complete Scan
Total Scan Time : 04:39:28
Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 7296
Registry threats detected : 6
File items scanned : 1145198
File threats detected : 199
Trojan.Agent/Gen
HKLM\System\ControlSet002\Services\utm3mzg3
C:\WINDOWS\SYSTEM32\DRIVERS\UTM3MZG3.SYS
HKLM\System\ControlSet002\Enum\Root\LEGACY_utm3mzg3
HKLM\System\ControlSet004\Services\utm3mzg3
HKLM\System\ControlSet004\Enum\Root\LEGACY_utm3mzg3
HKLM\System\CurrentControlSet\Services\utm3mzg3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_utm3mzg3
C:\WINDOWS\SYSWOW64\DRIVERS\UTM3MZG3.SYS
Adware.Tracking Cookie
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\administr[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected]marine.112.2o7[1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected]****edhard[1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
E:\Documents and Settings\Administrator\Cookies\[email protected][2].txt


----------



## emeraldnzl (Nov 3, 2007)

Let's see if we can get that OTL script to run.

Double click OTL.exe








Then click the *Run* button:

Once OTL is opened you will be presented with a console looking like this:








Under the *Custom Scans/Fixes* box at the bottom, paste in the following:


```
:processes

:OTL
FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell - "" = AutoRun
O33 - MountPoints2\{71927353-afab-11de-b56d-002618359de8}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2007/05/07 03:15:11 | 01,705,336 | R--- | M] (Microsoft Corporation)

:Files
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered and reboot when it is done.
It will produce a log for you on reboot; please post that log in your next reply.


----------



## miller330i (Oct 18, 2009)

All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "Sky Web Search" removed from browser.search.defaultenginename
Prefs.js: "Sky Web Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71927353-afab-11de-b56d-002618359de8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71927353-afab-11de-b56d-002618359de8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71927353-afab-11de-b56d-002618359de8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71927353-afab-11de-b56d-002618359de8}\ not found.
File move failed. F:\Startup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Desktop
File delete failed. C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
->Temp folder emptied: 233063207 bytes
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I1QTU18N\ads[7].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\870015-computer-has-been-infected-vista-3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QILHB84\01[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I8TEQFK\eBayISAPI[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 26541796 bytes
->Java cache emptied: 15101767 bytes
->FireFox cache emptied: 63586686 bytes
->Google Chrome cache emptied: 6238565 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 501476 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 330.54 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.22.1 log created on 10252009_161452
Files\Folders moved on Reboot...
File move failed. F:\Startup.exe scheduled to be moved on reboot.
C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I1QTU18N\ads[7].htm moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\870015-computer-has-been-infected-vista-3[1].htm moved successfully.
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm not found!
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QILHB84\01[2].htm not found!
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I8TEQFK\eBayISAPI[2].htm not found!
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\temp\logishrd\LVPrcInj02.dll
C:\Windows\temp\logishrd\LVPrcInj02.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...


----------



## emeraldnzl (Nov 3, 2007)

> The report, many failures!


I guess it looks like that but I think it did what we want.

Let's have a look.


Close all windows and open *OTL* again. 
Click *Run Scan* and let the program run uninterrupted
It will produce a log for you. Post the log here.


----------
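One way to check whether a fix log full of "failed" lines still did its job, as an added example that is not part of either poster's message or of OTL itself: it pairs every operation the fix pass deferred to reboot with what the reboot pass reports for the same path. The sample log is constructed from lines quoted in this thread, and the function names and status labels are assumptions made for this example.

```python
import re

# Constructed sample: a subset of the fix log and reboot log lines posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
File move failed. F:\Startup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. F:\Startup.exe scheduled to be moved on reboot.
C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm not found!
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# Line that separates the fix pass from the reboot pass in the posted log.
REBOOT_MARKER = r"Files\Folders moved on Reboot..."

# A move/delete that could not be done immediately and was queued for reboot.
DEFERRED = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) "
    r"scheduled to be (?:moved|deleted) on reboot\.$"
)
# Reboot pass: the queued operation went through.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
# Reboot pass: the target no longer existed by the time the queue ran.
MISSING = re.compile(r"^File\\Folder (?P<path>.+?) not found!$")


def split_phases(log):
    """Return (fix_lines, reboot_lines), split at the reboot marker."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    if REBOOT_MARKER not in lines:
        return lines, []
    cut = lines.index(REBOOT_MARKER)
    return lines[:cut], lines[cut + 1:]


def reboot_outcomes(reboot_lines):
    """Map lower-cased path -> status label, as reported by the reboot pass."""
    rules = (
        ("still pending", DEFERRED),   # failed again and was re-queued
        ("completed", MOVED),
        ("already gone", MISSING),
    )
    outcomes = {}
    for ln in reboot_lines:
        for status, rx in rules:
            m = rx.match(ln)
            if m:
                # Windows paths are case-insensitive, so compare lower-cased.
                outcomes[m.group("path").lower()] = status
                break
    return outcomes


def reconcile(log):
    """For each operation deferred during the fix pass, report how it ended."""
    fix_lines, reboot_lines = split_phases(log)
    outcomes = reboot_outcomes(reboot_lines)
    result = {}
    for ln in fix_lines:
        m = DEFERRED.match(ln)
        if m:
            path = m.group("path")
            result[path] = outcomes.get(path.lower(), "no record")
    return result


if __name__ == "__main__":
    for path, status in reconcile(SAMPLE_LOG).items():
        print(f"{status:14} {path}")
```

Paths that come back as "still pending" or "no record" are the ones to look for in the next scan log; the others were either completed or were already absent when the queue ran.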



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2009 at 06:32 PM

Application Version : 4.29.1004

Core Rules Database Version : 4189
Trace Rules Database Version: 2103

Scan type : Complete Scan
Total Scan Time : 01:37:26

Memory items scanned : 203
Memory threats detected : 0
Registry items scanned : 7292
Registry threats detected : 0
File items scanned : 306861
File threats detected : 36

Adware.Tracking Cookie


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,

That wasn't the log I was looking for.

This is the one I wanted you to run:










This time though click the Run Scan button and post the log back here.

Turning to the SAS log. All it is showing is harmless cookies. They won't hurt your computer. In fact you won't be able to use many sites unless you let them load their cookies.


----------



## miller330i (Oct 18, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2009 at 08:24 PM

Application Version : 4.29.1004

Core Rules Database Version : 4189
Trace Rules Database Version: 2103

Scan type : Complete Scan
Total Scan Time : 01:36:41

Memory items scanned : 225
Memory threats detected : 0
Registry items scanned : 7292
Registry threats detected : 0
File items scanned : 306874
File threats detected : 0


----------



## emeraldnzl (Nov 3, 2007)

Thank you for that SuperAntiSpyWare log.

It wasn't the one I was looking for... see my last post.

However, if you are happy with your computer now we can move to removing the tools we have been using.


----------



## miller330i (Oct 18, 2009)

OTL logfile created on: 10/25/2009 8:47:57 PM - Run 7
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.09 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.51 Gb Free Space | 3.76% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:*64bit:* - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:*64bit:* - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:*64bit:* - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:*64bit:* - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:*64bit:* - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV:*64bit:* - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:*64bit:* - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:*64bit:* - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:*64bit:* - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:*64bit:* - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:*64bit:* - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:*64bit:* - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:*64bit:* - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:*64bit:* - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:*64bit:* - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:*64bit:* - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:*64bit:* - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:*64bit:* - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:*64bit:* - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:*64bit:* - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:*64bit:* - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:*64bit:* - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:*64bit:* - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]


----------



## miller330i (Oct 18, 2009)

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 18:12:33 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk = C:\Users\Desktop\Desktop\Virus Removal Tool\is-US5VG\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:*64bit:* - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
*64bit:* O35 - comfile [open] -- "%1" %* File not found
*64bit:* O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found


----------



## miller330i (Oct 18, 2009)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/22 21:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\is-US5VG
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/24 19:28:39 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/24 19:28:35 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 16:47:24 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Adobe
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/23 19:37:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/22 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/24 19:28:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/25 16:14:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/23 16:01:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 21:49:19 | 00,200,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysWow64\drivers\34972332.sys
[2009/10/22 21:49:19 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Virus Removal Tool
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/25 20:43:54 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 20:43:54 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 20:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/25 18:52:00 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/25 18:52:00 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/25 18:52:00 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/25 18:44:13 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/25 18:43:55 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/25 18:43:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/25 18:43:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/25 18:42:58 | 04,521,924 | -H-- | M] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/25 16:15:57 | 00,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2009/10/25 11:36:47 | 01,088,006 | ---- | M] () -- C:\Users\Desktop\Desktop\MGT Motorsports_com BlendMount Your Valentine One Radar Detector.mht
[2009/10/25 01:13:59 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/23 16:02:01 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 23:15:45 | 00,038,400 | ---- | M] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | M] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | M] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | M] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:25 | 00,034,304 | ---- | M] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 23:11:28 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/22 21:51:09 | 00,001,803 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat


----------



## miller330i (Oct 18, 2009)

[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/25 11:36:42 | 01,088,006 | ---- | C] () -- C:\Users\Desktop\Desktop\MGT Motorsports_com BlendMount Your Valentine One Radar Detector.mht
[2009/10/25 01:10:17 | 04,521,924 | -H-- | C] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/22 23:15:45 | 00,038,400 | ---- | C] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | C] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | C] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | C] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:24 | 00,034,304 | ---- | C] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 21:51:09 | 00,001,803 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


----------



## emeraldnzl (Nov 3, 2007)

That looks good to me.

How is your computer now?

If your machine has no problems we will remove the tools we have been using in the next post.


----------



## miller330i (Oct 18, 2009)

Thanks!


----------



## emeraldnzl (Nov 3, 2007)

Hello miller330i,



> cookie issues.


Generally speaking, cookies are nothing to worry about. As I said earlier in this thread, you will find that many web sites won't work unless you allow cookies.

If they do worry you and you use Firefox, this is what to do:

Go to *Tools > Options > Privacy* and in the *Cookies* panel beside *Keep until:* change to *I close Firefox*

*Now*

We have a couple of last steps to perform and then you're all set.










Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
A list of tool components used in the Cleanup of malware will be downloaded.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. The Win32Diag folder can be deleted.

Next, we need to clean your restore points and set a new one:

*Reset and Re-enable your System Restore in Vista* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
Click on the *Start* button to open your Start Menu.
Click on the *Control Panel* menu option.
Click on the *System and Maintenance* menu option.
Click on the *System* menu option.
Click on *System Protection* in the left-hand task list.
Click on the System Protection tab.
Uncheck the checkboxes next to each hard drive listed under the *Create restore points automatically on the selected disks:* section.

When you uncheck a disk you will be presented with this screen








Click on the *Turn System Protection Off* button.

Press the *Apply* button and then the *OK* button.

*2. Restart your computer.*

*3. Turn ON System Restore.*
Click on the *Start* button to open your Start Menu.
Click on the *Control Panel* menu option.
Click on the *System and Maintenance* menu option.
Click on the *System* menu option.
Click on *System Protection* in the left-hand task list.
Put a checkmark in the checkboxes next to each hard drive listed under the *Create restore points automatically on the selected disks:* section.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

-------------------------------------------------------------------------------------------------------------------

*A reminder:* Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

*Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:*

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

Download from here *Java Runtime Environment (JDK) Update*
Scroll to where it says *"Windows XP/Vista/2000/2003/2008 online"* and download and follow the instructions to install.

Reboot your computer. 
You also need to uninstall older versions of Java.

 Click *Start* > *Control Panel* > *Programs*
 Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:
*ATF Cleaner* 
--------------------------------------------------------------------------------------------------------------------

*Make Internet Explorer more secure*

Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.
*** *MVPS Hosts file* replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

*** Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from *Here*

NoScript is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:



If your Microsoft Update is not working automatically, keep your operating system up to date by visiting

*Microsoft Windows Update*

monthly.

And to keep your system clean run these free malware scanners

*AdAware SE Personal*

*Spybot Search & Destroy*

*SuperAntiSpyWare*

weekly, and be aware of what emails you open and websites you visit.

An antivirus program is essential.

Here are a couple to choose from (these are also free for personal use):
*Avast*
*AVIRA* _Note: AVIRA free comes with adware that promotes their paid for version each time it updates._
I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:


*OnLine-Armour*
*PC Tools Firewall Plus*
*Note*: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
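The hosts-file mechanism described in this post, as an added example that is not part of the original post or of the MVPS project: a small Python audit that separates blocklist-style entries (loopback or 0.0.0.0) from entries that point a name at some other address, which are the ones worth reviewing after a cleanup. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.net   # blocklist entry
0.0.0.0         banner.example.org
203.0.113.45    update.example-av.test
198.51.100.7    www.example-bank.test login.example-bank.test
not-an-ip       broken.example.com
"""

# Names that a stock hosts file maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for every non-comment line."""
    text = text.lstrip("\ufeff")  # some editors save the file with a BOM
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], [name.lower() for name in fields[1:]]


def classify(address, names):
    """Return 'default', 'blocked', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback / 0.0.0.0 targets make the name unreachable (blocklist style).
        if all(name in LOCAL_NAMES for name in names):
            return "default"
        return "blocked"
    # Any other target sends traffic for that name to a chosen machine.
    return "redirect"


def audit_hosts(text):
    """Group hosts entries by category so redirects can be reviewed by hand."""
    report = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, address, names in parse_hosts(text):
        report[classify(address, names)].append((lineno, address, names))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocklist entries:", len(result["blocked"]))
    for lineno, address, names in result["redirect"]:
        print(f"review line {lineno}: {', '.join(names)} -> {address}")
```

A "redirect" entry is a prompt for review, not a verdict: mappings to LAN addresses are common on managed networks.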


----------



## miller330i (Oct 18, 2009)

Thank you! I started to do what you recommended, but cannot run OTL.


----------



## emeraldnzl (Nov 3, 2007)

Might be your anti-malware getting in the way.

Make sure they are disabled and try again. If that doesn't work, try this one:


Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
A list of tool components used in the Cleanup of malware will be downloaded.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*


----------



## miller330i (Oct 18, 2009)

Please give me a download link for OTL. I still cannot find it. Maybe it uninstalled itself? Thanks! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

Hello Jeffrey,



> Please give me a download link for OTL. I still cannot find it. Maybe it uninstalled itself? Thanks! Jeffrey


Hmm...let's try this one.

Please go *here* to download OTC.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose *Yes.*


----------



## miller330i (Oct 18, 2009)

Going to be doing a new install of Win 7 Pro. Wiping the drive, what apps should I have, and what procedure should I take? I am currently backing up my info. Thanks! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

> Going to be doing a new install of Win 7 Pro.


I have only heard good things about Windows 7. Good move I think.

Best of luck.

emeraldnzl.


----------



## miller330i (Oct 18, 2009)

What programs/apps would you install and keep with Win 7? Thanks! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

Sorry, can't help you there.

I am planning on getting Windows 7 soon and will then be trying out things for myself, but until I do I am just working on what anti-malware tools will work with it.

You could ask in the Windows 7 Operating System forum here. 

Alternatively, here is a link to Microsoft's forum on Windows 7 that might be helpful:

http://social.answers.microsoft.com/Forums/en-US/category/windows7


----------



## miller330i (Oct 18, 2009)

God bless you all who helped! Jeffrey


----------



## emeraldnzl (Nov 3, 2007)

You are very welcome.


----------

