
vmain.class ___vload.class trojans slowing internet


  • This topic is locked
14 replies to this topic

#1 yaboy7


Posted 07 July 2010 - 06:38 PM

Recently, I have noticed that my internet speed went super slow, then the next day my Symantec Endpoint found a bunch of Trojans such as 19 vmain.class threats, 6 _____vload.class threats, 1 GoogleCode.class, and 1 Google.Uploader.class. All of these files were located in a folder of my Spyware Doctor. Also, it did not affect my computer speed at all, just the internet. My internet should be up to 768kbs to 1mb and it's running at 250kbs as of now and will not go any faster. One problem was I could not use ComboFix since I have Windows Vista 64-bit, and I also did not run OTL.exe. Also, my computer got infected back on 5/17/2010 from a Rogue Antivirus, so I marked the quarantine files in RED. But other than that I did the following steps in regular mode because I was not sure if it mattered to do it in Safe Mode.

Also, under my running processes is a process known as csrss.exe; the description is blank, and I looked it up and it's supposedly known as Trojan.Webus, but nothing is picking it up, and when I go to end the process I get the access denied screen. I'm not 100% sure if it's infected.

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:21:26 PM, on 7/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\DJ\Apps\iexplore.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx2')
O4 - S-1-5-21-3102285875-513200047-3782347557-1005 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mcx1')
O4 - S-1-5-21-3102285875-513200047-3782347557-1006 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mcx2')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13783 bytes



STEP 1. Used ATF cleaner and CCleaner.

STEP 2. Used the CCleaner to clean the registry and also used Registry Mechanic.

STEP 3. Used Malwarebytes Anti-Malware
LOG: Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/3/2010 4:04:18 PM
mbam-log-2010-07-03 (16-04-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 306384
Time elapsed: 1 hour(s), 39 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Quarantine Files from 5/17/2010 Trojan.Agent, Rogue.AntivirusSuite and Rogue.AntivirusSuite.Gen

STEP 4. Used SUPERAntiSpyware
LOG: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2010 at 05:37 PM

Application Version : 4.40.1002

Core Rules Database Version : 5153
Trace Rules Database Version: 2965

Scan type : Complete Scan
Total Scan Time : 01:24:48

Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 14868
Registry threats detected : 0
File items scanned : 40976
File threats detected : 1

Adware.Tracking Cookie.doubleclick.net [ C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\cookies.sqlite ]


STEP 5. Used Spyware Doctor
NO LOG, but I do have quarantine files in there from 5/17/2010, when my computer got infected: 6 Trojan.Generic, and each file is from the Java Sun folder.

STEP 6. Kaspersky Online Scanner
LOG: --------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 4, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 03, 2010 20:02:32
Records in database: 4253574
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 150072
Threats found: 12
Infected objects found: 31
Suspicious objects found: 0
Scan duration: 05:03:32


File name / Threat / Threats count
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b43c10a-712efe0f Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b43c10a-712efe0f Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-42a2b660 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-616d901b Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-50e85f19 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\10dec256-78a309ae Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-73f0e1ef Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-73f0e1ef Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2c3b3a57-774dd583 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7346b295 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-470fc9f1 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Trojan.Java.Agent.y 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Exploit.Java.Agent.j 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Exploit.Java.Agent.k 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-63edc372 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-75bd3303 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-54568f0b Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-12ef9cac Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-12ef9cac Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.eg 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.fb 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.el 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5b3d5486-32307015 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\Apps\DKP_10_3264.rar Infected: Packed.Win32.Black.a 1
C:\Users\DJ\Apps\DKP_10_3264.rar Infected: not-a-virus:Monitor.Win32.KeyLogger.xh 1

Selected area has been scanned.

STEP 7. ESet Online Scanner
LOG: ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=371c0d3e2a9a9b4eab70bcef04290605
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-04 10:13:48
# local_time=2010-07-04 03:13:48 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 56 22324361 114820923 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=152936
# found=16
# cleaned=16
# scan_time=16213
C:\Program Files\Shark007\Tools\settings64.exe Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-42a2b660 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-616d901b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4c3fce10-6d931c1f Java/TrojanDownloader.Agent.NAQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2c3b3a57-774dd583 Java/TrojanDownloader.Agent.NAP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7346b295 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-470fc9f1 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\23ea3369-76da805a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7fe5a66b-414c39de a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-75bd3303 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-54568f0b a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5b3d5486-32307015 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\Apps\DKP_10_3264.rar probably a variant of Win32/Obfuscated trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\Apps\NERO 9.0.9.4\Nero-9.0.9.4b_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Can someone please help me out, because I want to get rid of this for good and get my internet back up to its proper speed.



#2 etavares

  • Malware Response Team

Posted 11 July 2010 - 06:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.



In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#3 yaboy7


Posted 13 July 2010 - 04:17 AM

Thanks etavares for replying. The only problem I have been incurring is my internet speed is still slow. I am not 100% sure if it was because my computer got infected, because other computers in the house are slow also. But since the day my internet speed slowed down, the next day all these infections popped up, so that is what's making me believe it's because of the infections. But here are the logs.

OTL Log:
OTL logfile created on: 7/13/2010 1:30:53 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\DJ\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 41.08 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.80 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-PC
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/06/28 17:43:30 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 17:43:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 09:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 09:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 06:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/02/25 14:11:04 | 000,856,064 | ---- | M] () -- C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010/01/22 07:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 12:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/04 18:03:18 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2008/04/04 18:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/02/01 00:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
MOD - [2010/02/26 05:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 08:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/04/17 12:17:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/03/30 15:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/19 09:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 09:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/21 11:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 09:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 09:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 14:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/01/22 07:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/09 15:39:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/24 12:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/01 08:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 08:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/04 18:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 18:00:10 | 004,374,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 01:45:38 | 000,352,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/16 06:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/30 18:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/29 08:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/12 16:01:06 | 000,220,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2009/11/17 18:34:48 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/10/09 16:07:11 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 15:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 09:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/12 09:47:46 | 000,172,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/03/06 05:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 11:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/16 10:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/25 08:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/25 07:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/07 10:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/15 10:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 10:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 10:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/04/04 18:01:42 | 000,051,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2008/03/21 18:14:26 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/03/21 18:14:26 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/03/21 18:14:26 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/03/12 14:19:48 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/09 01:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100709.024\EX64.SYS -- (NAVEX15)
DRV - [2010/07/09 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/09 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100709.024\ENG64.SYS -- (NAVENG)
DRV - [2010/06/26 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/03/21 18:14:26 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2008/03/21 18:14:26 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2008/03/21 18:14:26 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:0.9.9.5
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.12s
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.7
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 17:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/07 13:37:26 | 000,000,000 | ---D | M]

[2009/09/06 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Extensions
[2009/09/06 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/12 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions
[2010/04/28 07:18:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 13:32:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/01 13:04:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 21:41:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/08 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\cfxHelper@Triton
[2010/06/12 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\info@djzig.com
[2010/07/10 10:34:10 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\redshift_V2@shift-themes.com
[2010/06/20 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\SkipScreen@SkipScreen
[2010/06/12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\smarterwiki@wikiatic.com
[2009/09/11 06:21:41 | 000,001,154 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\searchplugins\bing.xml
[2010/07/09 13:28:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/08 14:08:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/03 10:57:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx1.DJ-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx1.DJ-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\DJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\DJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{693f3b59-a0ce-11de-b7b3-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{693f3b59-a0ce-11de-b7b3-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b95e6c71-2fe8-11df-85ce-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{b95e6c71-2fe8-11df-85ce-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e43c709a-45c4-11df-ba8a-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{e43c709a-45c4-11df-ba8a-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^Users^DJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk - C:\Users\DJ\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CollaborationHost - hkey= - key= - C:\Windows\SysNative\p2phost.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryMechanic - hkey= - key= - C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe File not found
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/13 01:28:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2010/07/12 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\IObit
[2010/07/12 00:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/07/11 13:16:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/10 12:26:10 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/10 12:25:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/07/10 12:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/07/10 12:18:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/07/09 14:03:06 | 000,468,480 | ---- | C] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/09 14:03:06 | 000,183,296 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010/07/09 14:03:06 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010/07/09 14:03:06 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\java.exe
[2010/07/09 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/09 14:00:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/03 22:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/03 13:12:33 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/03 13:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/03 13:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/03 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/03 10:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/03 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Threat Expert
[2010/06/25 15:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/25 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/25 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/25 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/22 20:16:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/17 19:00:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/17 18:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/05/17 11:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/17 11:29:00 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/05/17 11:29:00 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/05/17 11:29:00 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/05/17 11:27:22 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/05/17 11:27:22 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/05/17 11:27:16 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/05/17 11:27:08 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/05/17 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/05/17 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\PC Tools
[2010/05/17 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/05/17 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/05/17 01:47:53 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Malwarebytes
[2010/05/17 01:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/17 01:47:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/17 01:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/17 00:35:34 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\fmaxpwvqi
[2010/05/09 09:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/09 09:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/05/05 12:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/05 12:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/26 15:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010/04/21 17:38:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll

========== Files - Modified Within 90 Days ==========

[2010/07/13 01:39:59 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2ED4103D-6B74-4FBA-8842-FE175E3D99BC}.job
[2010/07/13 01:30:23 | 002,359,296 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT
[2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2010/07/13 00:11:09 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/07/13 00:09:06 | 000,002,435 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010/07/13 00:08:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/13 00:08:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 00:08:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 00:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/13 00:08:16 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 18:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 18:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TM.blf
[2010/07/10 13:35:26 | 000,170,818 | ---- | M] () -- C:\Users\DJ\Desktop\Flawless2Towel.jpg
[2010/07/09 14:02:44 | 000,183,296 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010/07/09 14:02:44 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010/07/09 14:02:44 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\java.exe
[2010/07/09 14:02:43 | 000,468,480 | ---- | M] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/05 12:45:42 | 000,107,008 | ---- | M] () -- C:\Users\DJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/04 01:00:27 | 000,008,379 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\kaspersky.html
[2010/07/03 01:04:02 | 000,009,534 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100703_010356.reg
[2010/06/28 03:14:06 | 000,715,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/28 03:14:06 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/28 03:14:06 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/28 00:42:41 | 000,008,084 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\Audio_062710_234516.roxio
[2010/06/24 01:04:40 | 000,524,288 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000002.regtrans-ms
[2010/06/11 16:42:44 | 000,524,288 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 16:42:44 | 000,065,536 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/11 16:40:10 | 000,332,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/17 01:55:25 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2010/05/09 08:24:47 | 000,000,000 | -H-- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\Default.rdp
[2010/05/06 09:33:03 | 000,004,150 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100506_113259.reg
[2010/04/30 09:05:04 | 000,056,320 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\finish mp.doc
[2010/04/30 08:24:04 | 000,026,722 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing proposal finish.docx
[2010/04/30 00:25:21 | 000,047,616 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing proposal.doc
[2010/04/29 13:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 13:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 13:05:09 | 000,049,664 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing chipoltle.doc
[2010/04/27 11:57:04 | 000,033,280 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\EQUIPMENT LIST.doc
[2010/04/27 11:56:56 | 000,041,984 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing plan.doc
[2010/04/26 15:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010/04/26 09:13:07 | 000,032,256 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\advertising.doc
[2010/04/26 00:07:15 | 000,025,088 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\current event 2.doc
[2010/04/21 18:44:44 | 000,005,368 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/04/21 18:35:32 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2010/04/21 18:14:56 | 000,439,308 | ---- | M] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/04/21 18:14:56 | 000,439,308 | ---- | M] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/04/21 18:14:54 | 000,982,240 | ---- | M] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/04/21 18:14:54 | 000,982,240 | ---- | M] () -- C:\Windows\SysNative\igkrng500.bin
[2010/04/21 18:14:54 | 000,092,356 | ---- | M] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/04/21 18:14:54 | 000,092,356 | ---- | M] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/04/21 17:41:12 | 000,103,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/04/21 17:41:12 | 000,102,707 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/04/21 17:41:10 | 000,121,000 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/04/21 17:41:08 | 000,189,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/04/21 17:41:08 | 000,119,176 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/04/21 17:41:06 | 000,114,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/04/21 17:41:04 | 000,165,209 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/04/21 17:41:04 | 000,117,884 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/04/21 17:41:02 | 000,118,893 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/04/21 17:41:00 | 000,120,195 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/04/21 17:41:00 | 000,118,244 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/04/21 17:40:58 | 000,119,416 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/04/21 17:40:56 | 000,123,063 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/04/21 17:40:56 | 000,114,668 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/04/21 17:40:54 | 000,136,237 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/04/21 17:40:52 | 000,125,382 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/04/21 17:40:52 | 000,119,433 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/04/21 17:40:50 | 000,133,575 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/04/21 17:40:48 | 000,120,616 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/04/21 17:40:48 | 000,118,512 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/04/21 17:40:46 | 000,122,758 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/04/21 17:40:44 | 000,178,235 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/04/21 17:40:44 | 000,122,535 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/04/21 17:40:42 | 000,118,589 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/04/21 17:40:42 | 000,114,077 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/04/21 17:40:40 | 000,139,736 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/04/21 17:40:26 | 000,110,040 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/04/21 17:38:34 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/04/21 17:29:46 | 000,000,151 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/04/21 17:22:52 | 000,205,824 | ---- | M] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/04/21 17:22:52 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/04/21 17:22:52 | 000,060,254 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/04/21 17:22:52 | 000,001,090 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp
[2010/04/21 17:22:50 | 001,991,936 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/04/21 17:22:50 | 000,208,896 | ---- | M] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/21 17:22:50 | 000,060,226 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/04/21 17:22:50 | 000,060,015 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/04/19 11:02:44 | 000,459,296 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\sample-view.aspx.htm
[2010/04/19 07:09:35 | 000,042,496 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\presidency.doc
[2010/04/15 15:15:52 | 000,051,200 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\Communicating_Notes.doc
[2010/04/15 15:15:43 | 000,057,344 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\Organizational_Structure_Notes.doc

========== Files Created - No Company Name ==========

[2010/07/12 00:53:06 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/07/10 18:30:03 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 13:35:24 | 000,170,818 | ---- | C] () -- C:\Users\DJ\Desktop\Flawless2Towel.jpg
[2010/07/10 12:14:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/07/10 12:14:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/07/10 12:14:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/07/10 12:14:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/07/10 12:14:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/07/10 12:14:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/07/04 01:00:27 | 000,008,379 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\kaspersky.html
[2010/07/03 01:03:59 | 000,009,534 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100703_010356.reg
[2010/06/28 00:42:41 | 000,008,084 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\Audio_062710_234516.roxio
[2010/06/21 12:32:27 | 000,524,288 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 12:32:27 | 000,524,288 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 12:32:27 | 000,065,536 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TM.blf
[2010/05/17 11:29:00 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/05/17 11:29:00 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/17 11:29:00 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/05/17 11:29:00 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/05/17 11:29:00 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/05/17 11:27:22 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/05/17 11:27:16 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/05/17 11:27:08 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/05/17 11:27:02 | 000,001,820 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistMSI6471.txt
[2010/05/17 11:27:00 | 000,010,606 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI6474.txt
[2010/05/17 11:26:59 | 000,011,408 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI6471.txt
[2010/05/17 02:55:34 | 000,001,808 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistMSI5CFE.txt
[2010/05/17 02:55:33 | 000,014,962 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI5D01.txt
[2010/05/17 02:55:32 | 000,015,764 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI5CFE.txt
[2010/05/17 01:33:45 | 000,012,602 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI1E66.txt
[2010/05/17 01:33:45 | 000,001,840 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistMSI1E63.txt
[2010/05/17 01:33:44 | 000,013,516 | ---- | C] () -- C:\Users\DJ\AppData\Local\dd_vcredistUI1E63.txt
[2010/05/09 08:24:47 | 000,000,000 | -H-- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\Default.rdp
[2010/05/06 09:33:01 | 000,004,150 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100506_113259.reg
[2010/04/30 09:05:03 | 000,056,320 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\finish mp.doc
[2010/04/30 08:24:03 | 000,026,722 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing proposal finish.docx
[2010/04/29 13:05:09 | 000,049,664 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing chipoltle.doc
[2010/04/29 13:01:50 | 000,047,616 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing proposal.doc
[2010/04/27 11:57:04 | 000,033,280 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\EQUIPMENT LIST.doc
[2010/04/27 11:56:56 | 000,041,984 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\marketing plan.doc
[2010/04/26 00:07:15 | 000,025,088 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\current event 2.doc
[2010/04/21 18:44:44 | 000,005,368 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/04/21 18:35:32 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2010/04/21 18:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/04/21 18:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/04/21 18:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/04/21 18:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2010/04/21 18:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/04/21 18:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/04/21 17:41:12 | 000,103,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/04/21 17:41:12 | 000,102,707 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/04/21 17:41:10 | 000,121,000 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/04/21 17:41:08 | 000,189,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/04/21 17:41:08 | 000,119,176 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/04/21 17:41:06 | 000,114,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/04/21 17:41:04 | 000,165,209 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/04/21 17:41:04 | 000,117,884 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/04/21 17:41:02 | 000,118,893 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/04/21 17:41:00 | 000,120,195 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/04/21 17:41:00 | 000,118,244 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/04/21 17:40:58 | 000,119,416 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/04/21 17:40:56 | 000,123,063 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/04/21 17:40:56 | 000,114,668 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/04/21 17:40:54 | 000,136,237 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/04/21 17:40:52 | 000,125,382 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/04/21 17:40:52 | 000,119,433 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/04/21 17:40:50 | 000,133,575 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/04/21 17:40:48 | 000,120,616 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/04/21 17:40:48 | 000,118,512 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/04/21 17:40:46 | 000,122,758 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/04/21 17:40:44 | 000,178,235 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/04/21 17:40:44 | 000,122,535 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/04/21 17:40:42 | 000,118,589 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/04/21 17:40:42 | 000,114,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/04/21 17:40:40 | 000,139,736 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/04/21 17:40:26 | 000,110,040 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/04/21 17:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/04/21 17:22:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/04/21 17:22:52 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/04/21 17:22:52 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/04/21 17:22:52 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2010/04/21 17:22:50 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/21 17:22:50 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/04/21 17:22:50 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/04/19 11:02:43 | 000,459,296 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\sample-view.aspx.htm
[2010/04/15 22:59:56 | 000,032,256 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\advertising.doc
[2010/04/15 15:15:52 | 000,051,200 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\Communicating_Notes.doc
[2010/04/15 15:15:42 | 000,057,344 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\Organizational_Structure_Notes.doc
[2009/12/19 03:02:35 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/12/03 09:25:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 09:23:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/02 14:48:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/07/12 23:44:31 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\IObit
[2010/06/24 00:41:46 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\LimeWire
[2010/03/31 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\PeerNetworking
[2009/11/07 21:52:33 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\SharePod
[2009/09/22 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Template
[2010/07/13 00:11:09 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/07/10 15:10:59 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/13 01:39:59 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2ED4103D-6B74-4FBA-8842-FE175E3D99BC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/04 20:51:14 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/08/15 15:32:31 | 000,003,657 | RH-- | M] () -- C:\dell.sdr
[2010/07/13 00:08:16 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 21:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2009/09/23 22:14:07 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/09/23 22:14:07 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2009/09/23 22:14:07 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2009/09/23 22:14:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{40e88463-a4c6-11de-8175-0026b9007909}.TM.blf
[2009/09/23 22:14:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{40e88463-a4c6-11de-8175-0026b9007909}.TMContainer00000000000000000001.regtrans-ms
[2009/09/23 22:14:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{40e88463-a4c6-11de-8175-0026b9007909}.TMContainer00000000000000000002.regtrans-ms
[2010/07/13 00:08:13 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 15:19:13 | 000,000,351 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USER32.DLL >
[2008/01/20 19:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 19:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 00:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/20 19:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll
[2009/04/11 00:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_50c1c55283d54246\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extras Log:
OTL Extras logfile created on: 7/13/2010 1:30:53 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\DJ\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 41.08 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.80 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-PC
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\DJ\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\DJ\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3C AB 1C 63 E3 79 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028CF03A-1A15-4731-B739-7F779AC3DA7E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{03EF78FE-6928-468F-9BEF-E2E28A2AAF92}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09A360B6-F0F1-479A-B8C1-60E0C1EC9F03}" = rport=139 | protocol=6 | dir=out | app=system |
"{0C1363BC-3AC7-49A2-88EA-6715A88EACEF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1A23072F-0BA6-42BE-9148-C857F70DC386}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24519DFB-5646-4895-932D-8B4AEAA422F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AB80C61-1998-4F58-9310-B0294E20EC25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3336D214-6DAE-41A5-A07D-BAF57B43FCCE}" = lport=10244 | protocol=6 | dir=in | app=system |
"{364283BB-136E-4CCC-AC8F-B2A0F36489F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{443BCD4D-6B05-446A-AA3A-8C62965D1522}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B6648BD-B700-4301-9E52-D1AC028A30A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BD3DE75-7283-4C7A-99CD-109A3FEF2FFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{642A1FBB-BA76-4C2F-8AC6-B8AB7B48F0C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70BD7F41-EF3B-4226-B36F-A55050CAE7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7132EA9D-5229-47E4-87DD-5CA3B31E894B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{77112F3A-4F80-425E-BE40-5F86BBC9BBAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C5EA4AF-3568-4214-A1C3-51145E938C37}" = lport=445 | protocol=6 | dir=in | app=system |
"{80A5AA51-5827-417E-85AF-8F84936989A5}" = lport=139 | protocol=6 | dir=in | app=system |
"{877169B3-F6D3-452F-BDE0-43BB479A2EA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{883A181F-458C-4C03-848F-3B1D66E0A29A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8A43CCD5-DD90-44A9-9F43-CDF1CF48AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B2C60A5-84A6-4B93-AFA9-B9EC07D81F7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{91D34D5B-9472-4D1A-AF07-F06E21371953}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95DEA841-9FE7-442B-ABF0-1E3A6A5823B1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98459D5B-4956-4922-B8F7-6D34D0758F65}" = rport=445 | protocol=6 | dir=out | app=system |
"{99755FFA-80B7-4F3E-BA3A-4AA5FABE1B36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B297D86-576B-49D6-8B87-47B7442A740F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{9D058027-09B3-43AC-AEB6-02A9F76BD7B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E7DA292-3347-4DE1-91AD-5E017F2BE427}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F041C4A-FAA4-4A2C-895E-BABDACB3B504}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADC9BF4A-4145-40C3-9BFF-77044E0B1301}" = lport=3390 | protocol=6 | dir=in | app=system |
"{AE6709EC-1834-48F6-B390-B1DC3351F037}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B1BA8E3D-A1C7-4CA8-A605-A04ED8867182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B23DE1CE-A194-4EA1-9ECD-BA7F659E283A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9B3DA54-6D80-4264-816F-D1864BFA493F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC4B0994-1A02-4123-A443-7FF2A12F8E58}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDC56C19-D124-4142-AD3E-9B67623BE5D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFA5C3DB-F3AC-4249-BE8B-13238B70C8CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C04D6635-C287-42E9-966B-7420DDF211BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2474647-8051-4EE8-B9C9-EA701077233C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C5F4C14F-8C34-473D-A267-B9C8F96D661F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C929E79E-BA4C-4042-B29D-0E03E46BBE17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC5822E6-5D6C-4F1B-9505-89BF2E0252F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDEB2DCD-60E6-4F97-8CCE-044E57E0639E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D316D34D-FBAE-460E-8EC2-970C0B24BC97}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D5F3C61D-0AB0-49EB-BD22-6A98878C8713}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9ADD4D3-BFD6-41AB-85D5-BCFD69E524EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4AB1037-3D22-4981-BFD7-F9848B0C00F6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6367F5C-9F2B-4DDA-8EF5-B9AE9FF60819}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F68FDF17-717E-4747-9449-E8AEFFD947FB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FD72380E-6CAC-4E66-98FB-D3F3EBACBB67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024493D4-D09A-4980-A0A5-152D8539991C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0A0D16FA-4A0B-477F-A246-E5091A027B56}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0BACBE1F-DE42-469C-A38C-09F173986F63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D97156B-52D1-4D4D-BEB6-27E7E130ED4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15791379-05F5-4777-A5D5-7F338C6568C5}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{1956D09A-4D51-48E9-BA7E-A177F810861C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1A80E707-D6F0-4569-8A81-1825447E397F}" = protocol=17 | dir=in | app=c:\users\dj\appdata\local\tversity\media server\mediaserver.exe |
"{1C4F800B-0D63-4B72-A812-F446CB968989}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1E62C37B-DD2A-4E26-B6DA-D11C46D12CA3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{212AC262-6DE9-49CD-AD3E-C6887FE84D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21A10303-A8B9-43B8-A689-AF8DEDDA6159}" = protocol=17 | dir=in | app=c:\users\dj\appdata\local\tversity\media server\mediaserver.exe |
"{22249979-337E-4AEA-B399-287B44F2B3D1}" = protocol=6 | dir=in | app=c:\users\dj\appdata\local\tversity\media server\mediaserver.exe |
"{25AEC4D4-C76F-4E45-AE6C-46775D4AC048}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F3AC9E7-833C-44A3-B135-668C9DDDAC10}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{31632EFE-34AB-4F93-B234-AEEC42911444}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{331215E4-EF7E-478B-B5BD-0756EFA0BCF0}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{3808ED6C-F62B-4AC0-B150-EC78FF856506}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E4E86ED-83E9-4D8D-AF81-78B0A2B5E373}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42F36921-FEBA-48EA-97A1-7553F175A478}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{44D33B14-7216-4BD6-AB55-5CF72B02AF9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{499B9898-94D2-40C6-BE87-72C21EFFA2A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5197A219-F36E-4B4E-8652-4A195654A84C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52384CD1-45F0-412A-88DD-46F4A419A69E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5541319C-E173-4925-86B7-830E90CDCC9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A6D6077-3CAD-4F3D-A554-6532E7AF7263}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B8D3508-58AC-49ED-AF76-6F4BB18EF364}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5D2F8EE5-B79E-4D22-8706-A42A669CEA65}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{5DE81D86-F574-44AA-B881-96F7B7AA0483}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6014899B-3DED-471D-B7F3-A429B181D01F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{6E8D0661-AB7D-4370-896C-845E3BF0FB88}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7122C95C-4CEC-4A02-8364-69074E22E858}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7904D3C5-090D-4944-84AE-23656EBEC4D4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7FA6E57F-3BD6-4621-A1AD-D6308317F5B0}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{7FE8D862-8144-4DB6-B46C-0A9710315AD9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82B6DAD0-3C64-449C-A736-97C37DA77C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{903C5748-D4DB-4369-939A-C0EBB94534D5}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{903CF713-813E-409F-835D-AD1588458077}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96296FD9-7523-4DA7-B36C-A3ED518BE973}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A712D214-A613-4296-AD80-1604FE6B516A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAAC52B3-C2E6-4219-B755-4E8D540A91D6}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{AC8E0CC6-8E2C-4AF8-BEC8-82951914843C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B3649007-9EAE-41F3-B5D1-22E236BFD8E7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{B3E608E3-1B85-4393-96EC-6C28017D0853}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B686EFB1-F731-4BBE-B8AF-372BCB73F637}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B86A971A-830D-4D22-93A2-99B73F830A9C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C085EF06-E7D5-4544-907F-78AE22DF3557}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C095E909-D347-4CBC-B6A6-C919B0CC6B2F}" = protocol=6 | dir=out | app=system |
"{C0BB2CA0-EDE5-442D-AD8A-429C33F48CCA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C166EE3F-F1C3-44F6-8CB6-8AA706CBDC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C71DA8D7-8163-4AD2-BAF9-09AFF962FAF9}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1BAB938-0928-4B92-B8EA-351C77BFD1DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3A27BED-BA20-4391-AFB4-E33D95FB440A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D885410F-8AD2-49B4-A56D-342542A40D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{DEBC2D5B-55E2-445F-81D9-49A5882EF7E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3C341BD-8EAE-4464-A8C5-589C46F812DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E912D3F0-1235-4A75-A0E5-69B7503CD24D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF13FE8E-77DC-41E4-AC1C-4885519A684E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F0116915-34E7-4139-9994-9A46AE940C4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7671B63-AD22-42BD-B8EF-78B5FEB429B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F98BDD46-79D1-477A-A60D-BA5CF744F670}" = protocol=6 | dir=in | app=c:\users\dj\appdata\local\tversity\media server\mediaserver.exe |
"TCP Query User{105B40F9-CA9A-4F26-8E1D-CFEBFB681A49}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{1D707F87-3249-461B-8584-44B5F13680F9}C:\program files (x86)\4media\ipod to pc transfer\xcrashreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\4media\ipod to pc transfer\xcrashreport.exe |
"TCP Query User{24DBDE57-5242-4711-A861-CAF31C75643B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EF77CADE-ED40-4138-A2DE-61E642238F18}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{162EC036-A6F4-45DD-8282-DD313F59C468}C:\program files (x86)\4media\ipod to pc transfer\xcrashreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\4media\ipod to pc transfer\xcrashreport.exe |
"UDP Query User{2D788C0F-9EB1-40AC-9B67-5A17565B6AC1}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{77AD80CE-9673-4C54-9D99-66B9BFF22233}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{EE85933B-2380-4299-96C6-04B6A6C0C2F0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BAB6BEB-8377-4474-8C1C-80DF8A865431}" = Diskeeper 2009 Professional
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E8B5E073-4FB3-4976-B4A8-0DF3CE91E744}" = Symantec Endpoint Protection
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DFX for Windows Media Player" = DFX for Windows Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"LimeWire" = LimeWire PRO 5.4.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Spyware Doctor" = Spyware Doctor 7.0
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks

#4 etavares

  • Malware Response Team

Posted 13 July 2010 - 06:31 PM

Hello, yaboy7.

Did you have speed results from before you were infected? Viruses can slow up computers or connections, but the higher speeds you list are often claimed by the internet company and are not realistic. Web traffic can be slowed by the server on the other end as well. Let's dig just in case there's something less. I don't see much, but I'll hit what I can see (nothing's active) and get a second opinion.

csrss.exe is also a legitimate file. It all depends where it's located. Since OTL isn't showing it, it should be the legit one.
http://www.processlibrary.com/directory/files/csrss/




P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case Registry Mechanic). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578








Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.

Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    :files
    C:\32788R22FWJFW
    C:\Users\DJ\AppData\Local\fmaxpwvqi
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 13 July 2010 - 06:32 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
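
The reply above makes three checkable points: a genuine csrss.exe is identified by where it is located, the OTL script targets an enabled per-user proxy ("ProxyEnable" = 1), and it removes two BHO entries with no CLSID registration. The following read-only PowerShell sketch is an added example, not part of etavares's post or of OTL; the function names are hypothetical, and it assumes a 64-bit PowerShell session on 64-bit Windows (the 32-bit registry view is read through Wow6432Node).

```powershell
# Added example: read-only triage of the three items the reply above examines.
# Nothing here modifies the system. Function names are hypothetical.

function Test-CsrssLocation {
    # The legitimate csrss.exe runs from %SystemRoot%\System32.
    $expected = Join-Path $env:SystemRoot 'System32\csrss.exe'
    Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
        if (-not $_.ExecutablePath) {
            # The path of this protected system process is hidden from
            # non-elevated sessions, which is also why it cannot be ended.
            $verdict = 'path unavailable (run elevated)'
        } elseif ($_.ExecutablePath -ieq $expected) {
            $verdict = 'expected location'
        } else {
            $verdict = 'UNEXPECTED location'
        }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Verdict   = $verdict
        }
    }
}

function Get-UserProxySetting {
    # Same key the OTL script touches, seen through HKCU for the logged-on user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [int]$s.ProxyEnable   # 1 = traffic is sent through ProxyServer
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Get-OrphanedBho {
    # A BHO key whose CLSID has no InprocServer32 registration points at nothing
    # loadable, which is how leftovers of a removed component usually look.
    # Only machine-wide (HKLM) registrations are checked here.
    $views = @(
        @{ View  = '64-bit'
           Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ View  = '32-bit'
           Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        Get-ChildItem -LiteralPath $v.Bho | ForEach-Object {
            $clsid  = $_.PSChildName
            $server = Join-Path (Join-Path $v.Clsid $clsid) 'InprocServer32'
            if (-not (Test-Path -LiteralPath $server)) {
                [pscustomobject]@{
                    View    = $v.View
                    Clsid   = $clsid
                    Problem = 'no CLSID registration'
                }
            }
        }
    }
}

Test-CsrssLocation   | Format-Table -AutoSize
Get-UserProxySetting | Format-List
Get-OrphanedBho      | Format-Table -AutoSize
```

An enabled proxy that the user did not configure is worth noting on a machine whose only symptom is slow web traffic, since every browser request is then routed through the listed server.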
 


#5 yaboy7

  • Topic Starter

Posted 13 July 2010 - 11:48 PM

etavares,
I don't have any results from before, but currently my speed is: download 28.4 kb/s and upload is 26.1 kb/s. Also, shouldn't the download speed be a lot faster than the upload speed? Kind of weird how close they are, to me at least. Another thing is that before I got infected my download speed was averaging around 250 to 350 kb/s when I would download files, and now I'm lucky to get over 30kb/s. Also, before the infection I was able to stream videos from Netflix, and after the infection I get a message saying my internet speed is too slow to display the video.

So, I uninstalled LimeWire since I rarely use it, and thanks for the heads-up about the registry cleaning problem.

1st OTL scan:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\Users\DJ\AppData\Local\fmaxpwvqi folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35181600 bytes
->Apple Safari cache emptied: 21718 bytes
->Flash cache emptied: 1910 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3267699 bytes

User: Mcx1.DJ-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mcx1.DJ-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2296 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
RecycleBin emptied: 1457717309 bytes

Total Files Cleaned = 1,427.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_172500

Files\Folders moved on Reboot...
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\224A8A62d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\227B46FBd01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\2474F9B0d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\24E97FCAd01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\25560B80d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\255BA71Dd01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\261EC6A6d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\267503ADd01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\27C76F13d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\28D489C4d01 not found!
File\Folder C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\Cache\28F6AC0Cd01 not found!
C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\urlclassifier3.sqlite moved successfully.
C:\Users\DJ\AppData\Local\Mozilla\Firefox\Profiles\erjhqqoo.default\XPC.mfl moved successfully.

Registry entries deleted on Reboot...



2nd OTL Scan:

OTL logfile created on: 7/13/2010 5:41:35 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\DJ\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 39.25 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.80 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-PC
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/06/28 17:43:30 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 17:43:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 09:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 09:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 06:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/02/25 14:11:04 | 000,856,064 | ---- | M] () -- C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010/01/22 07:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 12:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/04 18:03:18 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2008/04/04 18:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/02/01 00:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
MOD - [2010/02/26 05:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 08:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/04/17 12:17:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/03/30 15:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/19 09:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 09:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/21 11:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 09:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 09:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 14:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/01/22 07:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/09 15:39:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/24 12:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/01 08:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 08:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/04 18:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 18:00:10 | 004,374,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 01:45:38 | 000,352,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/16 06:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/30 18:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/29 08:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/12 16:01:06 | 000,220,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2009/11/17 18:34:48 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/10/09 16:07:11 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 15:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 09:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/12 09:47:46 | 000,172,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/03/06 05:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 11:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/16 10:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/25 08:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/25 07:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/07 10:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/15 10:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 10:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 10:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/04/04 18:01:42 | 000,051,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2008/03/21 18:14:26 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/03/21 18:14:26 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/03/21 18:14:26 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/03/12 14:19:48 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/09 01:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100709.024\EX64.SYS -- (NAVEX15)
DRV - [2010/07/09 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/09 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100709.024\ENG64.SYS -- (NAVENG)
DRV - [2010/06/26 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/03/21 18:14:26 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2008/03/21 18:14:26 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2008/03/21 18:14:26 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:0.9.9.5
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.12s
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.7
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 17:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/07 13:37:26 | 000,000,000 | ---D | M]

[2009/09/06 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Extensions
[2009/09/06 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/12 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions
[2010/04/28 07:18:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 13:32:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/01 13:04:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 21:41:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/08 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\cfxHelper@Triton
[2010/06/12 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\info@djzig.com
[2010/07/10 10:34:10 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\redshift_V2@shift-themes.com
[2010/06/20 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\SkipScreen@SkipScreen
[2010/06/12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\extensions\smarterwiki@wikiatic.com
[2009/09/11 06:21:41 | 000,001,154 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\searchplugins\bing.xml
[2010/07/09 13:28:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/08 14:08:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/03 10:57:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3102285875-513200047-3782347557-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx1.DJ-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx1.DJ-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\DJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\DJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{693f3b59-a0ce-11de-b7b3-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{693f3b59-a0ce-11de-b7b3-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b95e6c71-2fe8-11df-85ce-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{b95e6c71-2fe8-11df-85ce-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e43c709a-45c4-11df-ba8a-0026b9007909}\Shell - "" = AutoRun
O33 - MountPoints2\{e43c709a-45c4-11df-ba8a-0026b9007909}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 17:25:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/13 17:23:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/13 17:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/13 01:28:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2010/07/12 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\IObit
[2010/07/12 00:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/07/11 13:16:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/10 12:26:10 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/10 12:25:08 | 000,948,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/07/10 12:25:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/07/10 12:25:03 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2010/07/10 12:25:03 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\difxapi.dll
[2010/07/10 12:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/07/10 12:18:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/07/10 12:15:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/07/10 12:15:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2010/07/10 12:15:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2010/07/10 12:15:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2010/07/10 12:14:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/07/10 12:14:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/07/10 12:14:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2010/07/10 12:14:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/07/10 12:14:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2010/07/10 12:14:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2010/07/10 12:14:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2010/07/10 12:14:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2010/07/10 12:14:28 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2010/07/10 12:14:28 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2010/07/10 12:14:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2010/07/10 12:14:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/07/10 12:14:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/07/10 12:14:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/07/10 12:14:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/07/10 12:14:28 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/07/10 12:14:28 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/07/10 12:14:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/07/10 12:14:17 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/07/10 12:14:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/07/10 12:14:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/07/10 12:14:17 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/07/10 12:14:17 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/07/10 12:14:17 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2010/07/10 12:14:17 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/07/10 12:14:16 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2010/07/10 12:14:16 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/07/10 12:14:16 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/07/09 14:03:06 | 000,468,480 | ---- | C] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/09 14:03:06 | 000,183,296 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010/07/09 14:03:06 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010/07/09 14:03:06 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\java.exe
[2010/07/09 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/03 22:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/03 13:12:33 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/03 13:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/03 13:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/03 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/03 10:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/03 10:57:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/03 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Threat Expert
[2010/06/25 15:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/25 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/25 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/25 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/24 10:23:41 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 10:23:41 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 10:23:41 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 10:23:40 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 10:23:40 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 10:23:39 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 10:23:38 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 10:23:35 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 22:05:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 22:05:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/06/23 22:05:49 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/06/23 22:05:49 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

========== Files - Modified Within 30 Days ==========

[2010/07/13 17:49:59 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2ED4103D-6B74-4FBA-8842-FE175E3D99BC}.job
[2010/07/13 17:41:37 | 002,359,296 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT
[2010/07/13 17:28:54 | 000,002,435 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010/07/13 17:28:39 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/07/13 17:28:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/13 17:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 17:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 17:28:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/13 17:28:10 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/13 17:26:48 | 000,524,288 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 17:26:48 | 000,065,536 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TM.blf
[2010/07/13 17:26:45 | 001,871,499 | -H-- | M] () -- C:\Users\DJ\AppData\Local\IconCache.db
[2010/07/13 17:22:44 | 000,000,945 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/13 01:29:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2010/07/10 13:35:26 | 000,170,818 | ---- | M] () -- C:\Users\DJ\Desktop\Flawless2Towel.jpg
[2010/07/09 14:02:44 | 000,183,296 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010/07/09 14:02:44 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010/07/09 14:02:44 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\java.exe
[2010/07/09 14:02:43 | 000,468,480 | ---- | M] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/05 12:45:42 | 000,107,008 | ---- | M] () -- C:\Users\DJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/04 01:00:27 | 000,008,379 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\kaspersky.html
[2010/07/03 10:57:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/03 01:04:02 | 000,009,534 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100703_010356.reg
[2010/06/28 03:14:06 | 000,715,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/28 03:14:06 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/28 03:14:06 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/28 00:42:41 | 000,008,084 | ---- | M] () -- C:\Users\DJ\VideoConverterPortable\Documents\Audio_062710_234516.roxio
[2010/06/24 01:04:40 | 000,524,288 | -HS- | M] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000002.regtrans-ms

========== Files Created - No Company Name ==========

[2010/07/13 17:20:38 | 000,000,945 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/12 00:53:06 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/07/10 18:30:03 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 13:35:24 | 000,170,818 | ---- | C] () -- C:\Users\DJ\Desktop\Flawless2Towel.jpg
[2010/07/10 12:14:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/07/10 12:14:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/07/10 12:14:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/07/10 12:14:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/07/10 12:14:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/07/10 12:14:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/07/04 01:00:27 | 000,008,379 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\kaspersky.html
[2010/07/03 01:03:59 | 000,009,534 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\cc_20100703_010356.reg
[2010/06/28 00:42:41 | 000,008,084 | ---- | C] () -- C:\Users\DJ\VideoConverterPortable\Documents\Audio_062710_234516.roxio
[2010/06/21 12:32:27 | 000,524,288 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 12:32:27 | 000,524,288 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 12:32:27 | 000,065,536 | -HS- | C] () -- C:\Users\DJ\NTUSER.DAT{802cac7a-7d6b-11df-b205-0026b9007909}.TM.blf
[2010/05/17 11:29:00 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/19 03:02:35 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/12/03 09:25:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 09:23:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/02 14:48:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Malware Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4311

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/13/2010 9:07:13 PM
mbam-log-2010-07-13 (21-07-13).txt

Scan type: Quick scan
Objects scanned: 164531
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 14 July 2010 - 05:39 PM

Hello, yaboy7.

OK, I had to ask that question...many users expect the claimed download speed and/or confuse kb/s (as download speed is typically reported) with kbs (which are units that talk about connection speed). I agree...your download speed should be higher than your upload speed by several factors and it does seem slow by an order of magnitude or so. We'll have to dig in further...my usual suspect would be a rootkit but there's none that will run on 64 bit.

That being said...network speed can be influenced by a variety of things. Are you using a wired or wireless connection? Have you installed anything new? (e.g. microwave, furnace, new set of phones) or plugged anything else into your network around the time you first started to notice issues?



Step 1
  1. Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  2. Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  3. Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  4. Open your c:\ folder, right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
etavares

Edited by etavares, 14 July 2010 - 05:40 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 yaboy7

yaboy7
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 15 July 2010 - 11:40 AM

Etavares,
I am connected to my laptop through wireless, but wired for my tower, and they are the same speed give or take 1 or 2 kb/s faster. But I have not installed any new appliances or plugged anything else to the network. Also, they need to make rootkit for 64-bit haha. Also, I googled to find some rootkits for 64-bits and I found this thread http://www.wilderssecurity.com/showthread.php?t=251307 wondering if you can take a look at it and maybe one of them could help.

MBR log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

ESETscan log:

It does not show the list of found threats, so I cannot make a log since there are 0 threats.

Edited by yaboy7, 15 July 2010 - 02:12 PM.


#8 etavares


Posted 15 July 2010 - 06:28 PM

Fix...hmmm...if it's BOTH computers we're likely barking up the wrong tree with a virus. Nothing major to see with this round. You had a java exploit detected based on your title of this thread. Those are fairly common, but should be easy to clean if your A/V caught it.

It's a good thing there aren't 64-bit rootkits (I'm sure they're coming soon)...that's the bad malware! No rootkit scanner works with 64 bit, but no rootkit does either. At least...not yet.

Please try something for me...unplug everything in your house from the network. Even unplug your router from your modem. Now, using a wired connection, plug the modem directly into the computer. Is your speed fast or slow now?


 


#9 yaboy7


Posted 16 July 2010 - 12:52 AM

Etavares,
Now I get what you're saying about the rootkits haha. But anyways, I do not have a modem since I have DSL and it comes with the router only. But, I unplugged everything from the router, including the power to the router. Left it off for about 30 mins, and plugged everything back in and ran the speedtest.net. Wired results were DL= 29.4 kB/s and UL= 26.9 kB/s. Wireless results were DL= 27.2 kB/s and UL= 25.3 kB/s.

Basically, since both computers are running the same speed, it is most likely not caused from a virus but rather a problem with the internet provider possibly? I thought for sure it was a virus because my symantec found the threats then the next day, the internet speed went super slow. What a coincidence haha.

But if everything else seems clean and fine with the logs I guess it is time to call the internet provider. So, thanks for your time and help. Much appreciated.

PS. Is it ok to delete the quarantine files in my symantec, malware, spyware doctor and SUPERantispyware?

Edited by yaboy7, 16 July 2010 - 02:03 AM.


#10 etavares


Posted 16 July 2010 - 05:47 PM

Hello, yaboy7.

OK, usually with DSL there is a modem where the line comes in, then it's plugged into a router, then your computers. If there's only one box, then there goes that theory. I wanted to isolate the issue first since any virus isn't that apparent. It could be virus related, but I'm not seeing too much. There are a few things we can do. If this doesn't help, we'll use a more powerful tool for another check. Finally, if all else fails, we can reset your internet, flush your caches, and monitor network traffic to see if it's virus related or just a slow connection.

You can delete those quarantines.


Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.
Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    IE - HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    :files
    C:\32788R22FWJFW
    C:\Users\DJ\AppData\Local\fmaxpwvqi
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.
etavares

EDIT: java is version 21 now.

Edited by etavares, 16 July 2010 - 05:48 PM.


 


#11 yaboy7


Posted 17 July 2010 - 02:22 PM

Etavares,
I have already removed all older versions of Java after I posted this topic and updated to the Java version 21 x64bit. Sorry I forgot to mention that. And the speed is still currently the same. Also, I just found out since I looked at my package online and my speed is supposed to be up to 3 Mbps haha. I thought I had the lowest package but I guess not. But here's the log.

OTL:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
File\Folder C:\32788R22FWJFW not found.
File\Folder C:\Users\DJ\AppData\Local\fmaxpwvqi not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DJ
->Temp folder emptied: 89667764 bytes
->Temporary Internet Files folder emptied: 46224582 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86660145 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3651 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1.DJ-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1.DJ-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 637626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 136555 bytes

Total Files Cleaned = 213.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07172010_112245

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\4E5B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\54F1.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by yaboy7, 17 July 2010 - 03:51 PM.
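
A fix log like the one in the post above is easiest to read once each result line is sorted into "changed", "already absent", "deferred to reboot" or "cleaned". The Python below is an added example, not part of the thread and not OTL's own code; the sample is an excerpt copied from the post, the outcome labels and function names are this example's own, and only the message wordings visible in this log are recognised (anything else is counted as "other").

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (lines copied from the post).
SAMPLE_LOG = r"""
========== OTL ==========
HKU\S-1-5-21-3102285875-513200047-3782347557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
File\Folder C:\32788R22FWJFW not found.
File\Folder C:\Users\DJ\AppData\Local\fmaxpwvqi not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========
->Temp folder emptied: 89667764 bytes
->FireFox cache emptied: 86660145 bytes
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\4E5B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\54F1.tmp scheduled to be moved on reboot.
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
ABSENT_RE = re.compile(r"^(?:Registry key|File\\Folder) (?P<target>.+) not found\.$")
CLEANED_RE = re.compile(r"(?:emptied|removed): (?P<bytes>\d+) bytes$")


def classify(line):
    """Return (outcome, detail) for one result line of the fix log."""
    m = ABSENT_RE.match(line)
    if m:
        # The script named this key/file, but it was not on the system.
        return "absent", m.group("target")
    if line.endswith("value set successfully!"):
        # A registry value was actually written.
        return "changed", line.rsplit(" /E :", 1)[0]
    if "scheduled to be moved on reboot" in line:
        # File was locked; the move only happens after a restart.
        return "pending_reboot", line
    m = CLEANED_RE.search(line)
    if m:
        return "cleaned", int(m.group("bytes"))
    return "other", line


def parse_fix_log(text):
    """Split the log into result records tagged with their section header."""
    section, results = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        outcome, detail = classify(line)
        results.append({"section": section, "outcome": outcome, "detail": detail})
    return results


def summarize(results):
    """Aggregate counts so a reviewer can see what the fix really touched."""
    return {
        "counts": Counter(r["outcome"] for r in results),
        "bytes_cleaned": sum(r["detail"] for r in results if r["outcome"] == "cleaned"),
        "absent_targets": [r["detail"] for r in results if r["outcome"] == "absent"],
        "changed": [r["detail"] for r in results if r["outcome"] == "changed"],
    }


if __name__ == "__main__":
    summary = summarize(parse_fix_log(SAMPLE_LOG))
    for outcome, count in sorted(summary["counts"].items()):
        print(f"{outcome:15} {count}")
    print("temp data cleaned:", summary["bytes_cleaned"], "bytes")
    print("targets that were already absent:")
    for target in summary["absent_targets"]:
        print("  ", target)
```

Run on the excerpt, every file and registry key the script targeted comes back as already absent; the only real changes are the two registry values that were set.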


#12 etavares


Posted 18 July 2010 - 06:40 AM

Hello, yaboy7.
OK, since everything we do looks good and since your other computer gives you the same speed results, I'm thinking it's the router/modem. First question...any redirects? There are viruses that modify router/modem settings; but they can only redirect you. That's why it's always good to enable a password and change the default password. If it's just slow speed for both computers it's likely something to do with your router/modem that's not malware related.

You did have some poisoned Java files initially. That's pretty common. With all the scans you've done it cleaned that up.

3 Mbps (mega BITS per second) is equivalent to 366 KB/s (kilo BYTES per second...8 bits in a byte), but in all practicality you'd probably get speeds of 200 KB/s...or about an order of magnitude greater than you're seeing. Something's definitely up. Does your ISP throttle back the speed for heavy users? Some do.

Let's clean up our mess:



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program.
  • Then, click the big button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.
Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  1. Go to Start and type in SystemPropertiesProtection and run that program.
  2. Select the System Protection tab.
  3. Press Create.
  4. Give the restore point a name and press create.
  5. You'll see it work, then say that it was created successfully.
Now, we need to remove the old, infected points using DiskCleanup.
  1. Click on Start --> My Computer
  2. Right-click on C: and select Properties.
  3. Click on Disk Cleanup.
  4. Double-click Files from all users on this computer.
  5. Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  6. Click OK.
  7. You'll get a couple of prompts asking if you're sure you want to do this, select Yes for them.
  8. Disk cleanup will remove those restore points and close itself.
Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the downloaded installer and install the tool to a location of your choice.
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares

EDIT: double post.

Edited by etavares, 18 July 2010 - 06:40 AM.


 


#13 yaboy7


Posted 18 July 2010 - 02:36 PM

etavares,
Thanks for all your help and information. Also, I found out the reason why the internet was slowed down haha. My girlfriend kicked the phone line wire out of the socket and she put it back in the phone line adapter instead of the DSL/alpha adapter haha. So the speed is back up to the 300 kb region. Dumb woman haha. Thanks again much appreciated.

#14 etavares


Posted 18 July 2010 - 02:43 PM

lol...nice. Thanks for letting me know. Safe surfing!


 


#15 etavares


Posted 23 July 2010 - 05:46 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


 




