
Trojan horse Dropper.Generic.BIQR - Severe Infection


This topic is locked

#1 kksteine
Member, 28 posts

I originally only had Symantec Endpoint Protection for my computer, and got infected with a Trojan Horse within the last month. Now Symantec shows thousands of temp files infected - these files can be deleted from the temp folder, but there is always at least one file that shows itself rapidly on and off in the folder that cannot be deleted. A screenshot of the Symantec warning is attached.

After this, I got SUPERAntiSpyware and Spybot to run tests. Spybot always turns up clean, but SUPER always has several temp files which it quarantines and I delete. When this didn't work, I got an AVG free trial to see if it would take care of it. The screenshot of the AVG alerts is attached as well.

I also tried turning off system restore, rebooting, and then making a new restore point.

I then ran OTS with the settings shown in the third screenshot attached, and got the following output.

OTS logfile created on: 1/11/2011 7:26:17 PM - Run 2
OTS by OldTimer - Version 3.1.41.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 373.67 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> File not found
avgidsmonitor.exe -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe -> [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgidsagent.exe -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgfws.exe -> C:\Program Files (x86)\AVG\AVG10\avgfws.exe -> [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.)
raptr.exe -> C:\Program Files (x86)\Raptr\raptr.exe -> [2010/11/11 18:30:00 | 000,058,792 | ---- | M] ()
raptr_im.exe -> C:\Program Files (x86)\Raptr\raptr_im.exe -> [2010/11/11 18:30:00 | 000,042,920 | ---- | M] ()
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -> [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG10\avgtray.exe -> [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgam.exe -> C:\Program Files (x86)\AVG\AVG10\avgam.exe -> [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/08/25 12:18:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
g2mstart.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
g2mlauncher.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
g2mcomm.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
winampa.exe -> C:\Program Files (x86)\Winamp\winampa.exe -> [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.)
rtvscan.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation)
protectionutilsurrogate.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe -> [2010/04/01 22:31:18 | 000,050,544 | ---- | M] (Symantec Corporation)
dwhwizrd.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe -> [2010/04/01 22:26:42 | 000,159,600 | ---- | M] (Symantec Corporation)
bridge.exe -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.)
switchboard.exe -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
ccapp.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe -> [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation)
jucheck.exe -> C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe -> [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.)
eeventmanager.exe -> C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe -> [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION)
wcourier.exe -> C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe -> [2009/07/24 12:32:50 | 001,593,344 | ---- | M] ()
fastbootagent.exe -> C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -> [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.)
controldeckstartup.exe -> C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe -> [2009/07/22 19:58:46 | 000,017,976 | ---- | M] ()
atkosd2.exe -> C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe -> [2009/07/07 13:20:56 | 008,493,624 | ---- | M] (ASUS)
adsmtray.exe -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe -> [2009/06/24 14:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.)
cnrpc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe -> [2009/06/11 17:13:40 | 000,158,584 | ---- | M] ()
cinemanowsvc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.)
cinemanowshell.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -> [2009/06/11 17:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.)
sensorsrv.exe -> C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe -> [2009/05/18 17:58:38 | 000,305,720 | ---- | M] (ASUS)
hcontrol.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe -> [2009/04/23 23:24:44 | 000,178,744 | ---- | M] (ASUS)
dmedia.exe -> C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe -> [2009/04/20 13:09:30 | 000,159,744 | ---- | M] (ASUS)
hcontroluser.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe -> [2009/04/01 23:05:34 | 000,098,304 | ---- | M] (ASUS)
teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited)
wdc.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe -> [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS)
kbfiltr.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe -> [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS)
atouch64.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe -> [2008/08/13 22:59:56 | 000,301,624 | ---- | M] ()
asldrsrv.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -> [2008/08/13 22:59:52 | 000,100,920 | ---- | M] ()
atkosd.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe -> [2008/08/13 18:21:56 | 002,482,176 | ---- | M] (ASUS)
clmlsvc.exe -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe -> [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink)
adsmsrv.exe -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -> [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.)
gfnexsrv.exe -> C:\Program Files\ATKGFNEX\GFNEXSrv.exe -> [2007/08/08 02:08:40 | 000,094,208 | ---- | M] ()
eebsvc.exe -> C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Modules - Safe List]
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll -> [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(ATKGFNEXSrv)  [Auto | Running] -> C:\Program Files\ATKGFNEX\GFNEXSrv.exe -> [2007/08/08 02:08:40 | 000,094,208 | ---- | M] ()
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -> [2011/01/05 20:46:43 | 003,129,432 | ---- | M] ()
(AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgfws) AVG Firewall [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\avgfws.exe -> [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -> [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -> [2010/04/10 11:00:28 | 003,217,344 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -> [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(SwitchBoard) Adobe SwitchBoard [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation)
(FastBootAgent) FastBootAgent [Auto | Running] -> C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -> [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.)
(CinemaNow Service) CinemaNow Service [Auto | Running] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Auto | Stopped] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(ASLDRService) ASLDR Service [Auto | Running] -> C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -> [2008/08/13 22:59:52 | 000,100,920 | ---- | M] ()
(ADSMService) ADSM Service [Auto | Running] -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -> [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.)
(EpsonBidirectionalService) EpsonBidirectionalService [Auto | Running] -> C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Driver Services - Safe List]
64bit-(Avgldx64) AVG AVI Loader Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgldx64.sys -> [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgtdia) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2010/11/10 10:36:53 | 000,172,592 | ---- | M] (Symantec Corporation)
64bit-(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AVGIDSEH.sys -> [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(Avgmfx64) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\Windows\SysNative\drivers\avgmfx64.sys -> [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgrkx64) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\avgrkx64.sys -> [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVGIDSDriver.sys -> [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVGIDSFilter.sys -> [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(Avgfwfd) AVG network filter service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgfwd6a.sys -> [2010/07/12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.)
64bit-(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\srtspl64.sys -> [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) SRTSP [File_System | System | Running] -> C:\Windows\SysNative\drivers\srtsp64.sys -> [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\SysNative\drivers\srtspx64.sys -> [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(dc3d) MS Hardware Device Detection Driver (HID) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/07/28 02:35:51 | 007,345,632 | ---- | M] (Intel Corporation)
64bit-(kbfiltr) Keyboard Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\kbfiltr.sys -> [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( )
64bit-(NETw1v64) Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw1v64.sys -> [2009/07/20 02:33:41 | 007,058,432 | ---- | M] (Intel Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ETD) ELAN PS/2 Port Input Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ETD.sys -> [2009/07/08 22:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(SiSGbeLH) SiS191/SiS190 Ethernet Device NDIS 6.0 Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SiSG664.sys -> [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation)
64bit-(AmUStor) AM USB Stroage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmUStor.sys -> [2009/05/26 08:32:37 | 000,040,448 | ---- | M] (Alcor Micro, Corp.)
64bit-(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2009/05/25 15:13:09 | 000,138,752 | ---- | M] (Intel(R) Corporation)
64bit-(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\snp2uvc.sys -> [2009/05/20 03:11:05 | 001,799,680 | ---- | M] ()
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(MTsensor) ATK0100 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ATK64AMD.sys -> [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS)
64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nuidfltr.sys -> [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation)
64bit-(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2009/04/27 03:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2008/12/08 19:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation)
64bit-(ASMMAP64) ASMMAP64 [Kernel | Auto | Running] -> C:\Program Files\ATKGFNEX\ASMMAP64.sys -> [2007/07/24 13:11:32 | 000,014,904 | ---- | M] ()
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\EX64.SYS -> [2010/12/17 04:00:00 | 001,791,096 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\ENG64.SYS -> [2010/12/17 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2010/10/18 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/10/18 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\srtspl64.sys -> [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\Windows\SysWOW64\drivers\srtsp64.sys -> [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\SysWOW64\drivers\srtspx64.sys -> [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://antivirus.vt.edu -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://antivirus.vt.edu -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: Main\\"Default_Page_URL" -> http://asus.msn.com -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: Main\\"Start Page" -> http://antivirus.vt.edu -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: URLSearchHooks\\"{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\u31q2sju.default\prefs.js -> 
browser.search.defaultthis.engineName -> "Google Powered Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" ->
browser.search.param.yahoo-fr -> "chrf-i3752" ->
browser.search.param.yahoo-fr-cjkt -> "chrf-i3752" ->
browser.startup.homepage -> "http://www.christnotes.org/dbv.php" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 ->
extensions.enabledItems -> {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 ->
extensions.enabledItems -> {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 ->
extensions.enabledItems -> {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 ->
< FireFox Settings [User.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\u31q2sju.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}] -> [2010/08/10 11:41:39 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/12/23 22:53:10 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX\ [C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX\] -> [2011/01/09 16:38:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/25 10:55:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/12/25 10:55:59 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Extensions -> [2010/02/21 19:40:14 | 000,000,000 | ---D | M]
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions -> [2011/01/11 18:46:09 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/12/23 22:53:14 | 000,000,000 | ---D | M]
Vuze Remote Toolbar   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 conduit.xml -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\searchplugins\conduit.xml -> [2010/11/18 16:11:05 | 000,000,903 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/01/09 19:13:46 | 000,000,000 | ---D | M]
No name found   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} -> [2010/12/25 10:54:05 | 000,000,000 | ---D | M]
Adobe Contribute Toolbar -> C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} -> [2010/08/10 11:41:39 | 000,000,000 | ---D | M]
AVG Safe Search -> C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX -> [2011/01/09 16:38:56 | 000,000,000 | ---D | M]
RealPlayer Browser Record Plugin -> C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT -> [2010/12/23 22:53:10 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > -> 
 nprpffbrowserrecordext.dll -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll -> [2010/08/25 12:18:24 | 000,049,152 | ---- | M] ()
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [AVG Safe Search] -> [2010/11/22 04:48:14 | 003,848,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2008/12/08 19:35:52 | 000,068,960 | ---- | M] (Microsoft Corporation)
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} [HKLM] -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2009/08/24 00:10:02 | 000,430,592 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [ContributeBHO Class] -> [2010/03/27 16:59:12 | 000,164,312 | ---- | M] (Adobe Systems, Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/08/25 12:18:24 | 000,341,600 | ---- | M] (RealPlayer)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG10\avgssie.dll [AVG Safe Search] -> [2010/11/22 04:48:12 | 002,732,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{ba14329e-9550-4989-b3f2-9732e92d17cc} [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" [HKLM] -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2009/08/24 00:10:02 | 000,430,592 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [Contribute Toolbar] -> [2010/03/27 16:59:12 | 000,164,312 | ---- | M] (Adobe Systems, Inc.)
"{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AmIcoSinglun64" -> C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] -> [2009/04/09 08:17:03 | 000,320,000 | ---- | M] (AlcorMicro Co., Ltd.)
"ETDWare" -> C:\Program Files\Elantech\ETDCtrl.exe [C:\Program Files\Elantech\ETDCtrl.exe] -> [2009/07/30 05:56:05 | 000,617,856 | ---- | M] (ELAN Microelectronic Corp.)
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2009/08/02 07:38:01 | 000,387,608 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2009/08/02 07:38:11 | 000,165,912 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2009/08/02 07:38:07 | 000,365,592 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/28 08:14:19 | 007,982,112 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AdobeCS5ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin] -> [2010/02/22 03:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated)
"ATKMEDIA" -> C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe] -> [2009/04/20 13:09:30 | 000,159,744 | ---- | M] (ASUS)
"ATKOSD2" -> C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe] -> [2009/07/07 13:20:56 | 008,493,624 | ---- | M] (ASUS)
"AVG_TRAY" -> C:\Program Files (x86)\AVG\AVG10\avgtray.exe [C:\Program Files (x86)\AVG\AVG10\avgtray.exe] -> [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
"ccApp" -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"] -> [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation)
"CinemaNowMediaManagerApp" -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe [C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start] -> [2009/06/11 17:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.)
"EEventManager" -> C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe ["C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"] -> [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION)
"HControlUser" -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe] -> [2009/04/01 23:05:34 | 000,098,304 | ---- | M] (ASUS)
"LTCM Client" -> C:\Program Files (x86)\LTCM Client\ltcmClient.exe [C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup] -> [2009/08/05 12:36:18 | 001,596,096 | ---- | M] (Leader Technologies Inc.)
"Setwallpaper" -> c:\programdata\SetWallpaper.cmd [c:\programdata\SetWallpaper.cmd] -> File not found
"SwitchBoard" -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe] -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
"TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2010/08/25 12:18:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
"UpdateLBPShortCut" -> C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2009/05/20 00:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/12/04 00:15:16 | 000,218,408 | ---- | M] (CyberLink Corp.)
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"" ->  [] -> File not found
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"" ->  [] -> File not found
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"" ->  [] -> File not found
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"" ->  [] -> File not found
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AdobeBridge" -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe ["C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth] -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.)
"DW6" -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> [2010/04/16 10:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.)
"Epson Stylus NX420(Network)" -> C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGCA.EXE [C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SBF32.tmp" /EF "HKCU"] -> File not found
"GoToMeeting" -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe ["C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"] -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
"Raptr" -> C:\Program Files (x86)\Raptr\raptrstub.exe [C:\PROGRA~2\Raptr\raptrstub.exe --startup] -> [2010/11/11 18:30:02 | 000,052,648 | ---- | M] ()
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/12/14 15:02:36 | 002,988,784 | ---- | M] (SUPERAntiSpyware.com)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [149] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7567 domain(s) found. -> 
cinemanow.com .[http] -> Trusted sites -> 
cinemanow.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3D55454B-6490-4B25-82EC-8D0ECEABB655}\\DhcpNameServer -> 192.168.2.1   (Intel(R) WiFi Link 1000 BGN) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2009/07/28 02:04:49 | 000,258,560 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0E280B3E-CAD8-4B5C-ACBC-199FC775029D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{167AE2E9-60D0-44E0-9052-88365043BACC} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{17EC1905-6EBF-4B99-9585-E83690768A78} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-28503 | app=system | 
{1DAECD5A-F9CD-4F10-BBA7-173EBF7C38CE} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{2BE61982-8FDF-4239-95B8-87F99DA1DAB2} -> lport=5000 | profile=public | protocol=17 | dir=in | action=allow | name=akamai netsession interface | 
{38E2B83F-3FE1-4127-A5D2-C733108366BE} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-28515 | app=system | 
{470E28A5-F41A-42FF-89DD-FD3F0C5E62D4} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{4A1C87C3-7151-4FF6-B0B3-29551969AFDA} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-31277 | app=system | 
{4C729977-B397-434D-B3F4-ABF4DB5D13D0} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{4CC9EDA0-4B4C-4754-B673-EDC22B736669} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-28523 | app=system | 
{5079C229-FE63-410D-BCC1-4520185544A1} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{5241845B-77B9-434F-913E-9C75E27CBBCD} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{531CF038-A9BF-473D-B8DA-A42BC67B339E} -> lport=49163 | profile=public | protocol=6 | dir=in | action=allow | name=akamai netsession interface | 
{5391F5F3-4C47-46BF-82CE-CD4823E9BD17} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{541377EC-FFC0-4787-8CC6-C7F898D7A305} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-28531 | app=system | 
{56017422-84F1-4DD6-855A-A5008632EEE6} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-28511 | app=system | 
{6C2A2C8B-8332-4A9E-B085-DA201474C3D0} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-31285 | app=system | 
{6F7CED57-283B-484A-B0E2-478245032997} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{7A4CB58E-AEE6-4773-AB3A-6F8E6A2CA132} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{7AC75B1D-760D-4594-AF50-60BC42112527} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-31289 | app=system | 
{865C6F78-F14C-415F-89E6-F0BE0BEE136C} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-28527 | app=system | 
{8A695A48-8694-4ED2-852C-6A15CF55F70B} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{91C05558-F4F1-43A1-86A7-70A2FEE40DA5} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{9E3B2ECC-A4FA-4231-B9F2-8AAD0BF78FEF} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{A061311E-FA49-4356-B701-B6C23F3ED1DC} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A26B5CB0-F821-43A6-B8B5-18B10528DDE9} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{ABF14BE4-2B71-4232-BB0D-EF3533135D11} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{B3AE19EB-260C-4E1B-A503-4A10904BC72F} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{B5D7E892-B44B-4C79-99E3-F795B1572BEC} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{C4D4EBA9-90E7-4970-A117-1A7EE8C0AFBF} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-28507 | app=system | 
{C98FC17D-1F5A-4FB5-AF86-3DB09E2E2EA2} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@FirewallAPI.dll,-28539 | svc=rpcss | 
{D1CF633F-C119-443A-ADA3-AAB92DC4DDAE} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-28519 | app=system | 
{DF712705-2DC7-4AA4-80B9-3ACEB230BB83} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@FirewallAPI.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{E01C9F1E-FDC5-4F48-93C0-CDFFAA3AA3F0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{ECEBC1BD-EFE4-4CB9-A3FD-9FEB536ECFDD} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{F5E97E30-297F-4615-AEAA-E902EBAB8282} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0191334A-4090-4E50-BF3B-2DF26E7FBF9F} -> profile=public | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{18362D5C-E298-4BA4-80A9-10623185D1DF} -> profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{1A6A6D24-9CE8-424A-A710-60A8B7F46BF4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{1DC92F22-7274-4E60-B688-793BB484EBCA} -> profile=public | protocol=6 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
{1F20267F-9881-4976-A5CB-7E3B2E110281} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{27251568-2350-452A-A74D-AECD82203D4D} -> profile=private | protocol=6 | dir=in | action=allow | name=eeventmanager.exe | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
{27B0F5B7-2D1B-4D6C-99A9-392DE60E2784} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
{2A6558D0-51D8-4D47-943F-69ABB2622259} -> profile=private | protocol=17 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | 
{3756A025-F7A6-4EE4-82DE-DA1D286E6F34} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
{38287949-F146-4A95-98D0-A345EE811FF1} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{3C23AEB2-7D6E-48EB-91ED-16D4BFB9314F} -> profile=private | protocol=1 | dir=in | action=allow | name=@FirewallAPI.dll,-28543 | 
{4A6D9708-981A-47A9-AAFC-5CA08645A0FE} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
{4C2C51A6-03BD-4093-B72E-87E9D8B00852} -> profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-31281 | app=system | 
{5199D09E-59DC-40F3-A327-6E57881E13F9} -> profile=public | protocol=17 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
{53322476-E469-4DCC-ADEF-E1C46CAF1A3B} -> profile=public | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{549373C6-70AE-4FA1-AC3A-C257338DBAF7} -> profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{57D63114-A462-4D54-B6D2-D7A47C29C844} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{5833F48D-0E1B-41A7-A84D-6C3184CAAD16} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{5B815D02-97C4-4C95-9EDD-87EB659D1C87} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{64036B2B-522D-4AEB-BB4C-73D3999E6620} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{67A07F5B-A219-44C8-B73C-C3A94C937D5F} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{699B6C49-CC02-4763-B3C5-4B382CD07065} -> profile=private | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{6A7ED694-F506-478E-BFF0-A5570A4E6036} -> profile=private | protocol=17 | dir=in | action=allow | name=@FirewallAPI.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{6C7E67B7-226B-46A2-875B-8A5A9498D685} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{6CB4B777-855B-428C-94E6-376CBE76F972} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{6D839E68-3568-4573-B3FD-6AD63AD8D9D3} -> profile=public | protocol=17 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
{726EECF2-36B4-4E35-8697-D83423B04016} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | 
{727922A5-7C09-4660-B970-CD84370B9970} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{7517EB4B-CDE7-4B23-8882-CB3166EA540F} -> profile=private | protocol=1 | dir=out | action=allow | name=@FirewallAPI.dll,-28544 | 
{75E0C872-26CB-43B5-B331-331DF0DCB25B} -> profile=public | protocol=6 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
{76D11B86-965D-4B05-89C5-750B36FE6716} -> profile=private | protocol=6 | dir=in | action=allow | name=epsonnet setup | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
{7F77D1E6-891B-4994-9731-68C143576643} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{819E0CD3-3F29-4F96-891A-1D971630BF13} -> profile=private | protocol=6 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | 
{823B43A9-2839-4B20-9940-9C684FA549EF} -> profile=public | protocol=6 | dir=out | action=allow | name=@FirewallAPI.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{82C9AAFF-808D-49A1-81D5-4B6A57889799} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{863DD546-0659-4D10-880A-89C4E35F23B6} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{867937E4-1866-4CE2-94A5-E82889276D23} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{87DC2A29-732C-4666-910C-0D1C46DCF936} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{906295EC-B08A-4822-BA3F-30BA79DC724E} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{910A73BA-BCBD-41F1-BB44-4CBAD718C5CD} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{93B7FD47-8B92-4D87-B15E-D87D8FFDD847} -> profile=private | protocol=17 | dir=in | action=allow | name=epsonnet setup | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
{970FC4B1-EAC0-4779-86D8-963EA4CB1438} -> profile=private | protocol=17 | dir=in | action=allow | name=raptr im | app=c:\program files (x86)\raptr\raptr_im.exe | 
{98076275-6F42-488D-BD83-09D0A7BB6A6F} -> profile=private | protocol=6 | dir=in | action=allow | name=avg alert manager | app=c:\program files (x86)\avg\avg10\avgam.exe | 
{A1E8D0E0-137F-43E6-A9B3-FEE1252BA23D} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{A6999624-A704-4844-AC47-19D99E773ED2} -> profile=private | protocol=6 | dir=in | action=allow | name=raptr im | app=c:\program files (x86)\raptr\raptr_im.exe | 
{A6EAB963-6418-4B74-93EE-F47AA8456FE0} -> profile=public | protocol=6 | dir=in | action=allow | name=mozilla firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
{A8701D65-2931-40A8-A73B-62CC372319AE} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{A8B24B14-15A5-47B0-BD79-9BAFD2D65420} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
{AE4C4DD4-499B-4371-834B-D9401F2DB32C} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{AF660CC0-5CE6-4FD3-935A-6D5B9C1C39A6} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{B04BFC11-5333-414A-9FAE-41A6775AA01C} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
{B4CEA86E-74C6-48F2-96EF-7059FC88B8AA} -> profile=private | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{B66B82FB-EA1D-45CC-8C43-6F287A1288B4} -> profile=public | protocol=17 | dir=in | action=allow | name=mozilla firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
{BFA03FCA-4C79-4150-A1FE-7F5D2EB2640E} -> profile=private | protocol=6 | dir=in | action=allow | name=raptr client | app=c:\program files (x86)\raptr\raptr.exe | 
{C511FC58-C84A-49A1-9A8F-A360A031D668} -> profile=public | protocol=6 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
{C8EFD3D9-ADD5-4E52-9601-3984F5F63D7A} -> profile=private | protocol=17 | dir=in | action=allow | name=raptr client | app=c:\program files (x86)\raptr\raptr.exe | 
{C97E7915-31F0-46D9-BF18-090E36133EB4} -> profile=private | protocol=17 | dir=in | action=allow | name=eeventmanager.exe | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
{CB97106A-4EEB-4CC8-AD6E-7A724FC75CDE} -> profile=private | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{CBF537EC-FDE5-442A-A977-7C181816255C} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | 
{CC293A52-324B-432D-B34D-B5FC9ACC131B} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{D953CDFC-4035-405D-85FA-DDF2888AEC05} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{D969BB11-AF5D-4171-8AAE-18BEAC749A64} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{DCA10B6A-2E22-4358-A893-1B1F9B0ADB00} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{DE2A9350-5204-4B5C-B6B0-58B1B9C7741D} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{DEB9868D-B962-45AA-ACA6-3C14F324B8B2} -> profile=public | protocol=17 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
{DF73730C-9FBE-4089-9429-CC4E1144971F} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{E08CDCBC-5A55-4C06-B2A5-F54306E050E6} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{E1B93292-3E94-4131-A4EE-BC9133BF2241} -> profile=private | protocol=17 | dir=in | action=allow | name=avg alert manager | app=c:\program files (x86)\avg\avg10\avgam.exe | 
{E3973598-8DAF-49E3-841C-19AF072506A4} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
{E490E34A-BD39-4F90-98EC-976277ABE740} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{E55E1CD4-1280-4B1C-B9A8-E8E51CC42FA2} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{EC87A9C0-374A-4A9A-8D13-FF3EE8D37E50} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
TCP Query User{705D08D2-B62A-44BD-A685-44616783A85F}C:\program files (x86)\epson software\event manager\eeventmanager.exe -> profile=public | protocol=6 | dir=in | action=block | name=eeventmanager application | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
TCP Query User{98C7BED0-CDE6-407A-970B-12744A2E7421}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{9EC75BFC-CE76-409D-848D-CEB28224EA72}C:\program files (x86)\real\realplayer\realplay.exe -> profile=private | protocol=6 | dir=in | action=allow | name=realplayer | app=c:\program files (x86)\real\realplayer\realplay.exe | 
UDP Query User{34C24BD7-E6A9-43B8-AE69-2B5F13597CBD}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{96A80660-BED5-420F-AF6C-CBDE6F77434F}C:\program files (x86)\epson software\event manager\eeventmanager.exe -> profile=public | protocol=17 | dir=in | action=block | name=eeventmanager application | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
UDP Query User{99881285-747D-4DF2-81EF-20C88E580121}C:\program files (x86)\real\realplayer\realplay.exe -> profile=private | protocol=17 | dir=in | action=allow | name=realplayer | app=c:\program files (x86)\real\realplayer\realplay.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010/11/04 00:48:18 | 010,989,056 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/11/04 00:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation)
64bit-jsfile [open] -> "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" -> [2002/05/21 23:13:20 | 009,797,632 | ---- | M] (Macromedia, Inc.)
64bit-piffile [open] -> "%1" %* -> File not found
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation)
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] ()
64bit-Directory [Bridge] -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.)
64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation)
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] ()
64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 20:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> 
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)
InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010/11/04 00:48:18 | 010,989,056 | ---- | M] (Microsoft Corporation)
InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/11/04 00:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation)
jsfile [open] -> "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" -> [2002/05/21 23:13:20 | 009,797,632 | ---- | M] (Macromedia, Inc.)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] ()
Directory [Bridge] -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.)
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] ()
Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/21/2010 4:19:29 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13412778
Application [ Error ] 7/21/2010 4:19:29 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13412778
Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13413777
Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13413777
Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13414791
Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13414791
Application [ Error ] 7/21/2010 4:19:32 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 7/21/2010 4:19:32 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13415789
Media Center [ Error ] 8/2/2010 10:51:04 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 10:50:59 PM - Error connecting to the internet.  10:50:59 PM -     Unable to contact server..  
Media Center [ Error ] 8/3/2010 4:28:44 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 4:28:44 AM - Error connecting to the internet.  4:28:44 AM -     Unable to contact server..  
Media Center [ Error ] 8/3/2010 12:34:40 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 4:28:49 AM - Error connecting to the internet.  4:28:49 AM -     Unable to contact server..  
Media Center [ Error ] 10/3/2010 12:44:51 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 12:44:43 PM - Failed to retrieve SportsV2 (Error: Unable to connect to the remote server)  
Media Center [ Error ] 10/13/2010 1:08:48 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:08:48 PM - Error connecting to the internet.  1:08:48 PM -     Unable to contact server..  
Media Center [ Error ] 10/13/2010 1:09:39 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:09:35 PM - Error connecting to the internet.  1:09:35 PM -     Unable to contact server..  
Media Center [ Error ] 10/13/2010 2:11:06 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 2:11:05 PM - Error connecting to the internet.  2:11:05 PM -     Unable to contact server..  
Media Center [ Error ] 10/13/2010 2:11:54 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 2:11:53 PM - Error connecting to the internet.  2:11:53 PM -     Unable to contact server..  
Media Center [ Error ] 10/20/2010 1:02:13 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:02:13 AM - Error connecting to the internet.  1:02:13 AM -     Unable to contact server..  
Media Center [ Error ] 10/20/2010 1:02:50 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:02:45 AM - Error connecting to the internet.  1:02:45 AM -     Unable to contact server..  
System [ Error ] 12/1/2010 12:58:19 AM Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
System [ Error ] 12/1/2010 12:58:19 AM Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
System [ Error ] 12/1/2010 10:38:58 AM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :20" could not be registered on the interface with IP address 172.31.112.27.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 10:39:02 AM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :0" could not be registered on the interface with IP address 172.31.112.27.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 12:02:37 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :0" could not be registered on the interface with IP address 172.31.112.27.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 1:45:35 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :0" could not be registered on the interface with IP address 172.31.80.195.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 1:45:38 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :20" could not be registered on the interface with IP address 172.31.80.195.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 2:13:28 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :0" could not be registered on the interface with IP address 172.31.115.52.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 2:13:31 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :20" could not be registered on the interface with IP address 172.31.115.52.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
System [ Error ] 12/1/2010 3:33:30 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC       :20" could not be registered on the interface with IP address 172.31.115.52.  The computer with the IP address 198.82.162.243 did not allow the name to be claimed by  this computer.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/01/11 19:11:32 | 000,642,560 | ---- | C] (OldTimer Tools)
 OneNote Notebooks -> C:\Users\Owner\Documents\OneNote Notebooks -> [2011/01/10 18:23:03 | 000,000,000 | ---D | C]
 Hewlett-Packard -> C:\ProgramData\Hewlett-Packard -> [2011/01/10 18:22:28 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2011/01/09 18:15:59 | 000,000,000 | -H-D | C]
 AVG10 -> C:\Users\Owner\AppData\Roaming\AVG10 -> [2011/01/09 16:44:10 | 000,000,000 | ---D | C]
 Common Files -> C:\ProgramData\Common Files -> [2011/01/09 16:43:18 | 000,000,000 | -H-D | C]
 AVG 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 -> [2011/01/09 16:42:09 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysWow64\drivers\AVG -> [2011/01/09 16:42:06 | 000,000,000 | ---D | C]
 AVG10 -> C:\ProgramData\AVG10 -> [2011/01/09 16:38:30 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysNative\drivers\AVG -> [2011/01/09 16:38:30 | 000,000,000 | ---D | C]
 AVG -> C:\Program Files (x86)\AVG -> [2011/01/09 16:35:49 | 000,000,000 | ---D | C]
 MFAData -> C:\ProgramData\MFAData -> [2011/01/09 16:21:28 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com -> [2010/12/27 10:18:43 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/12/27 10:18:43 | 000,000,000 | ---D | C]
 !SASCORE -> C:\ProgramData\!SASCORE -> [2010/12/27 10:18:39 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2010/12/27 10:18:38 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/12/27 10:18:35 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy -> [2010/12/25 01:23:53 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/12/25 01:23:43 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2010/12/25 01:23:43 | 000,000,000 | ---D | C]
 Registry Backup -> C:\Users\Owner\Documents\Registry Backup -> [2010/12/23 21:22:53 | 000,000,000 | ---D | C]
 Google -> C:\Program Files (x86)\Google -> [2010/12/16 18:51:16 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/01/11 19:11:41 | 000,642,560 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job -> [2011/01/11 18:59:06 | 000,000,908 | ---- | M] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2011/01/11 18:50:46 | 104,036,103 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/01/11 18:46:06 | 000,067,584 | --S- | M] ()
 ChatLog Fairfax County 2011_01_11 12_39.rtf -> C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf -> [2011/01/11 12:39:24 | 000,000,710 | ---- | M] ()
 OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/01/11 12:26:47 | 000,001,294 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/01/11 11:55:22 | 000,010,240 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/01/11 11:55:22 | 000,010,240 | -H-- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/01/11 11:33:47 | 3193,884,672 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job -> [2011/01/11 11:03:44 | 000,000,856 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/01/10 16:22:29 | 000,736,514 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/01/10 16:22:29 | 000,631,224 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/01/10 16:22:29 | 000,109,310 | ---- | M] ()
 s&c return label.png -> C:\Users\Owner\Desktop\s&c return label.png -> [2011/01/10 16:22:05 | 000,029,237 | ---- | M] ()
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2011/01/09 21:41:48 | 000,641,053 | ---- | M] ()
 AVG 2011.lnk -> C:\Users\Public\Desktop\AVG 2011.lnk -> [2011/01/09 16:42:20 | 000,000,955 | ---- | M] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] ()
 To Do 12.21.2010.docx -> C:\Users\Owner\Desktop\To Do 12.21.2010.docx -> [2011/01/05 12:01:55 | 000,018,986 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/27 10:26:45 | 000,001,963 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/25 10:54:55 | 000,749,728 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/12/25 03:50:03 | 004,983,064 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,284 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,260 | ---- | M] ()
 CinemaNowSvc.ini -> C:\ProgramData\CinemaNowSvc.ini -> [2010/12/23 23:04:42 | 000,000,024 | ---- | M] ()
 Resmon.ResmonCfg -> C:\Users\Owner\AppData\Local\Resmon.ResmonCfg -> [2010/12/23 16:20:36 | 000,007,602 | ---- | M] ()
 To Do 12.16.2010.docx -> C:\Users\Owner\Desktop\To Do 12.16.2010.docx -> [2010/12/16 16:26:24 | 000,016,312 | ---- | M] ()
 ChatLog VT SWIM Meeitng  2010_12_16 11_10.rtf -> C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng  2010_12_16 11_10.rtf -> [2010/12/16 11:10:05 | 000,000,373 | ---- | M] ()
 To Do List.docx -> C:\Users\Owner\Desktop\To Do List.docx -> [2010/12/15 13:36:50 | 000,015,238 | ---- | M] ()
 66 C:\Users\Owner\AppData\Local\Temp\*.tmp files -> C:\Users\Owner\AppData\Local\Temp\*.tmp -> 
 4 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 
[Files - No Company Name]
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2011/01/11 18:50:46 | 104,036,103 | ---- | C] ()
 ChatLog Fairfax County 2011_01_11 12_39.rtf -> C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf -> [2011/01/11 12:39:24 | 000,000,710 | ---- | C] ()
 OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/01/10 18:23:06 | 000,001,294 | ---- | C] ()
 s&c return label.png -> C:\Users\Owner\Desktop\s&c return label.png -> [2011/01/10 16:22:04 | 000,029,237 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2011/01/09 21:41:48 | 000,641,053 | ---- | C] ()
 AVG 2011.lnk -> C:\Users\Public\Desktop\AVG 2011.lnk -> [2011/01/09 16:42:20 | 000,000,955 | ---- | C] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/27 10:18:38 | 000,001,963 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/25 10:54:55 | 000,749,728 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,284 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,260 | ---- | C] ()
 Resmon.ResmonCfg -> C:\Users\Owner\AppData\Local\Resmon.ResmonCfg -> [2010/12/23 16:20:36 | 000,007,602 | ---- | C] ()
 To Do 12.21.2010.docx -> C:\Users\Owner\Desktop\To Do 12.21.2010.docx -> [2010/12/21 08:40:43 | 000,018,986 | ---- | C] ()
 To Do 12.16.2010.docx -> C:\Users\Owner\Desktop\To Do 12.16.2010.docx -> [2010/12/16 11:24:01 | 000,016,312 | ---- | C] ()
 ChatLog VT SWIM Meeitng  2010_12_16 11_10.rtf -> C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng  2010_12_16 11_10.rtf -> [2010/12/16 11:10:05 | 000,000,373 | ---- | C] ()
 ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/11/14 19:48:17 | 000,000,056 | -H-- | C] ()
 ATKPF.ini -> C:\Windows\ATKPF.ini -> [2010/11/10 13:49:09 | 000,000,024 | ---- | C] ()
 Smiley.ico -> C:\Users\Owner\AppData\Roaming\Smiley.ico -> [2010/10/10 00:19:30 | 000,076,407 | ---- | C] ()
 Cgiteqal.dat -> C:\Users\Owner\AppData\Local\Cgiteqal.dat -> [2010/08/17 21:52:21 | 000,000,120 | ---- | C] ()
 Hnisoxew.bin -> C:\Users\Owner\AppData\Local\Hnisoxew.bin -> [2010/08/17 21:52:21 | 000,000,000 | ---- | C] ()
 Adobe GIF Format CS5 Prefs -> C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs -> [2010/08/13 08:13:52 | 000,000,132 | ---- | C] ()
 Adobe PNG Format CS5 Prefs -> C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs -> [2010/08/12 16:46:21 | 000,000,132 | ---- | C] ()
 PICSDK.ini -> C:\Windows\SysWow64\PICSDK.ini -> [2010/07/30 20:34:07 | 000,000,097 | ---- | C] ()
 ENX420.ini -> C:\Windows\ENX420.ini -> [2010/07/30 20:27:35 | 000,000,071 | ---- | C] ()
 winscp.rnd -> C:\Users\Owner\AppData\Roaming\winscp.rnd -> [2010/03/28 20:28:41 | 000,000,600 | ---- | C] ()
 wklnhst.dat -> C:\Users\Owner\AppData\Roaming\wklnhst.dat -> [2010/02/15 18:14:27 | 000,000,108 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2010/01/20 23:54:17 | 000,000,376 | ---- | C] ()
 CinemaNowSvc.ini -> C:\ProgramData\CinemaNowSvc.ini -> [2010/01/19 13:33:41 | 000,000,024 | ---- | C] ()
 primopdf.ini -> C:\Windows\primopdf.ini -> [2009/12/20 20:42:18 | 000,000,326 | ---- | C] ()
 LogonStart.dll -> C:\Windows\SysWow64\LogonStart.dll -> [2009/09/17 10:24:05 | 000,053,248 | ---- | C] ()
 {40BF1E83-20EB-11D8-97C5-0009C5020658}.log -> C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log -> [2009/09/17 10:03:04 | 000,000,105 | ---- | C] ()
 {C59C179C-668D-49A9-B6EA-0121CCFC1243}.log -> C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log -> [2009/09/17 10:02:46 | 000,000,107 | ---- | C] ()
 OOBEPlayer.ini -> C:\Windows\OOBEPlayer.ini -> [2009/08/19 03:33:09 | 000,000,031 | ---- | C] ()
 ABLKSR.ini -> C:\Windows\SysWow64\ABLKSR.ini -> [2009/07/29 00:20:40 | 000,000,010 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
 sqlite3.dll -> C:\Windows\SysWow64\sqlite3.dll -> [2008/12/01 20:32:32 | 000,362,029 | ---- | C] ()
 snp2uvc.ini -> C:\Windows\snp2uvc.ini -> [2006/05/18 22:39:57 | 000,015,497 | ---- | C] ()
 
[File - Lop Check]
 AVG10 -> C:\Users\Owner\AppData\Roaming\AVG10 -> [2011/01/09 16:44:10 | 000,000,000 | ---D | M]
 Azureus -> C:\Users\Owner\AppData\Roaming\Azureus -> [2011/01/06 20:28:20 | 000,000,000 | ---D | M]
 C5F77F1507117267D95EEAD6894CD1B8 -> C:\Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8 -> [2010/08/18 10:35:18 | 000,000,000 | ---D | M]
 Echo Software -> C:\Users\Owner\AppData\Roaming\Echo Software -> [2010/11/11 16:42:02 | 000,000,000 | ---D | M]
 EndNote -> C:\Users\Owner\AppData\Roaming\EndNote -> [2010/11/17 14:07:12 | 000,000,000 | ---D | M]
 Epson -> C:\Users\Owner\AppData\Roaming\Epson -> [2010/09/08 15:23:10 | 000,000,000 | ---D | M]
 FileZilla -> C:\Users\Owner\AppData\Roaming\FileZilla -> [2011/01/10 20:04:13 | 000,000,000 | ---D | M]
 KompoZer -> C:\Users\Owner\AppData\Roaming\KompoZer -> [2010/12/23 22:53:11 | 000,000,000 | ---D | M]
 Leader Technologies -> C:\Users\Owner\AppData\Roaming\Leader Technologies -> [2010/07/30 20:49:09 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Owner\AppData\Roaming\Leadertech -> [2010/07/30 20:44:51 | 000,000,000 | ---D | M]
 OpenCandy -> C:\Users\Owner\AppData\Roaming\OpenCandy -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M]
 PrimoPDF -> C:\Users\Owner\AppData\Roaming\PrimoPDF -> [2011/01/10 11:11:09 | 000,000,000 | ---D | M]
 Raptr -> C:\Users\Owner\AppData\Roaming\Raptr -> [2011/01/09 21:48:58 | 000,000,000 | ---D | M]
 Template -> C:\Users\Owner\AppData\Roaming\Template -> [2010/02/15 18:14:27 | 000,000,000 | ---D | M]
 Uniblue -> C:\Users\Owner\AppData\Roaming\Uniblue -> [2010/10/13 19:51:04 | 000,000,000 | ---D | M]
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 00:08:49 | 000,022,182 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
 AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys -> [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation)
 AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys -> [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS  /md5 /s >
 atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys -> [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys -> [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation)
< %systemdrive%\CNGAUDIT.DLL  /md5 /s >
 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll -> [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation)
< %systemdrive%\IASTOR.SYS  /md5 /s >
 iaStor.sys : MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -> C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation)
 iaStor.sys : MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -> C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation)
< %systemdrive%\IASTORV.SYS  /md5 /s >
 iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys -> [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation)
 iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys -> [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
 netlogon.dll : MD5=956D030D375F207B22FB111E06EF9C35 -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll -> [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NVSTOR.SYS  /md5 /s >
 nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys -> [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation)
 nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys -> [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=398712DDDAEFB85EDF61DF6A07B65C79 -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll -> [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
 
CREATERESTOREPOINT
Restore point Set: OTS Restore Point
< %systemroot%\system32\*.dll /lockedfiles >
 dxtmsft.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation)
 dxtrans.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\dxtrans.dll -> [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation)
 wmp.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\wmp.dll -> [2010/08/31 23:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation)
< %systemroot%\Tasks\*.job /lockedfiles >
 
[Alternate Data Streams]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
< End of report >

What can I do to get rid of this thing?

Any help is so much appreciated,

Kristi

Attached Thumbnails

  • Symantec Screenshot.jpg
  • AVG Alerts.jpg
  • OTS settings screen shot.jpg
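The MD5 scan section of the OTS log above lists every copy of each checked system file with its hash; the check an analyst makes on it is that a live copy under System32 or SysWOW64 matches one of the WinSxS or DriverStore reference copies of the same file. The script below is an added example (not from the thread, not code from OTS) that parses such lines and flags live copies whose hash matches no reference copy; its sample lines are taken from the log above plus constructed entries named example.dll and loner.dll.

```python
"""Cross-check the MD5 results of an OTS "/md5 /s" custom scan.

Added example; not part of the original thread and not code from OTS. OTS lists
every copy of a named system file with its MD5. A copy living under System32 or
SysWOW64 should be byte-identical to one of the reference copies Windows keeps in
the WinSxS component store or the DriverStore; a live copy whose hash matches no
reference copy is the anomaly a patched or replaced system file produces. Hashes
that differ between the x86 and amd64 store copies of one file are normal.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Entry(NamedTuple):
    name: str            # file name as OTS prints it, e.g. "cngaudit.dll"
    md5: Optional[str]   # upper-case hex digest, or None for "Unable to obtain MD5"
    path: str            # full path of this particular copy


# One OTS result line, in either of its two shapes:
#   " name : MD5=<32 hex> -> <path> -> [date | size | attrs | M] (Company)"
#   " name : Unable to obtain MD5  -> <path> -> [...]"      (locked file)
_LINE = re.compile(
    r"^\s*(?P<name>\S+) : (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*"
    r"-> (?P<path>.+?) -> \["
)

# Directories whose copies are the reference, not the live binary.
_REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")

# Constructed sample: result lines copied from the log above (cngaudit.dll,
# netlogon.dll, the locked dxtmsft.dll) plus two constructed files, example.dll
# and loner.dll, with made-up hashes and paths, to exercise the anomaly paths.
SAMPLE_SCAN = r"""
< %systemdrive%\CNGAUDIT.DLL  /md5 /s >
 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll -> [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
 netlogon.dll : MD5=956D030D375F207B22FB111E06EF9C35 -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll -> [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation)
< %systemdrive%\EXAMPLE.DLL  /md5 /s >
 example.dll : MD5=00000000000000000000000000000000 -> C:\Windows\System32\example.dll -> [2011/01/01 00:00:00 | 000,001,024 | ---- | M] ()
 example.dll : MD5=11111111111111111111111111111111 -> C:\Windows\winsxs\amd64_example_constructed\example.dll -> [2011/01/01 00:00:00 | 000,001,024 | ---- | M] ()
< %systemdrive%\LONER.DLL  /md5 /s >
 loner.dll : MD5=22222222222222222222222222222222 -> C:\Windows\System32\loner.dll -> [2011/01/01 00:00:00 | 000,001,024 | ---- | M] ()
"""


def parse_md5_scan(text: str) -> List[Entry]:
    """Extract (name, md5, path) from the result lines of an OTS MD5 scan;
    header lines such as "< %systemdrive%\\X.DLL /md5 /s >" are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            md5 = m.group("md5")
            entries.append(Entry(m.group("name").lower(),
                                 md5.upper() if md5 else None,
                                 m.group("path")))
    return entries


def is_reference_copy(path: str) -> bool:
    return any(d in path.lower() for d in _REFERENCE_DIRS)


def find_anomalies(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each file name to the live copies whose MD5 matches no reference copy.
    Live copies OTS could not hash go under "unreadable"; live copies with no
    reference copy at all go under "no reference copy" (nothing to compare)."""
    ref_hashes: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        if is_reference_copy(e.path) and e.md5:
            ref_hashes[e.name].add(e.md5)

    anomalies: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if is_reference_copy(e.path):
            continue
        if e.md5 is None:
            anomalies["unreadable"].append(e.path)
        elif not ref_hashes[e.name]:
            anomalies["no reference copy"].append(e.path)
        elif e.md5 not in ref_hashes[e.name]:
            anomalies[e.name].append(e.path)
    return dict(anomalies)


if __name__ == "__main__":
    for key, paths in find_anomalies(parse_md5_scan(SAMPLE_SCAN)).items():
        print(f"{key}:")
        for p in paths:
            print(f"    {p}")
```

Run against the full OTS log, the cngaudit.dll and netlogon.dll sections above come out clean because each SysWOW64 copy matches its wow64/x86 store copy.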

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My name is SweetTech, it's a pleasure to meet you. ;)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> 
YN -> HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://antivirus.vt.edu
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> 
YN -> HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://antivirus.vt.edu
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: Main\\"Start Page" -> http://antivirus.vt.edu
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Setwallpaper" -> c:\programdata\SetWallpaper.cmd [c:\programdata\SetWallpaper.cmd]
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "" -> []
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "" -> []
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "" -> []
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "" -> []
< Run [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Epson Stylus NX420(Network)" -> C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGCA.EXE [C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SBF32.tmp" /EF "HKCU"]
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoActiveDesktop" -> [1]
YN -> \\"NoActiveDesktopChanges" -> [1]
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
YN -> "" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
YN -> "" -> http://
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7567 domain(s) found.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Files/Folders - Modified Within 30 Days]
NY ->  66 C:\Users\Owner\AppData\Local\Temp\*.tmp files -> C:\Users\Owner\AppData\Local\Temp\*.tmp
NY ->  4 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
[File - Lop Check]
NY ->  C5F77F1507117267D95EEAD6894CD1B8 -> C:\Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.



NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List.
  • Under Custom Scan paste this in:


    netsvcs
    drivers32
    %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP
    %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe
    %Windir%\pchealth\helpctr\System\ErrMsg\*.exe
    %Windir%\pchealth\helpctr\System\errors\*.exe
    %Temp%\IXP000.TMP\*.exe
    %AppData%\*.dat
    %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.*
    c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.*
    %UserProfile%\Microsoft\*.*
    %Windir%\Windows\*.*
    %System%\Update\*.exe
    %System%\Update\*.dat
    %System%\adobe*.exe
    %System%\NEV*.*
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %APPDATA%\Microsoft\ /s
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe /x
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\Computers\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.

#3
kksteine

    Member

  • Topic Starter
  • Member
  • 28 posts
SweetTech,

Thank you so much for your quick response!

Results from OTS fix:

All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
File c:\programdata\SetWallpaper.cmd not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Epson Stylus NX420(Network) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\ deleted successfully.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_1.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_2.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\5676_818630_MVM_5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\A8EB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\AZU5015563762235452565.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\CVR5AAE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1251.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1252.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH125B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1284.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1296.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH12DA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1432.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH15.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH15A8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH15B9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH160E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1659.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH172.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1921.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1927.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1943.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1B48.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1BE0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1C77.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1CA3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1D5D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1D73.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1D9D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH1F27.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH20CC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2398.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH23EA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH25A7.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2986.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2A16.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2BB4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2C3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2C50.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2C69.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2C6C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2D7A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2E2D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH2F5F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH318F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH319A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH330B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH349E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH375F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH37B0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH38CD.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH38E9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH3A66.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH3B00.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH3B9F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH3D9B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH3FFB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH403E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH404F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4224.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH422B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH44.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH442E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH45C4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH468A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH46E9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4715.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH48BF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH48E4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH49BC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4B7C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4BBE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4C42.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4D48.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4E1C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH4FD.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5068.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5092.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5289.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH52CB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH52CC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH531A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5371.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH53E1.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH53ED.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH548A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH560.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH56D0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH56EE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5765.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5791.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH588.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5882.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5A11.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5DB8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5DCD.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5E17.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH5E24.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6075.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6246.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6252.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH626C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH62E8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6418.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6453.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH649F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH66C7.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6718.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH68D5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6935.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6A91.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6C61.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6D3B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6DA3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6DC9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6E95.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6F04.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH6FB7.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH705C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH721E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7299.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH72B2.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7349.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH73CC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7463.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7471.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7792.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH781.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH781D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH78FF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH79A3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7AA2.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7B14.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7BCC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7BD1.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH7E2F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH811.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH81A4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH81D5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH82E9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH83E9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8613.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8683.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH87C9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH880C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8891.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH89B4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8A4F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8A9C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8ACA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8AEF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8BDD.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8C28.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8C36.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8C7D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8C9E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8CCC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8EAC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH8FA5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH907A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH92C9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9392.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH97BC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH98E9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9958.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH99F8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9A53.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9AB8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9ABE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9BC0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9C9F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9CDF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9D4C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9D89.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9DCC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9EB1.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9F52.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9F6C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWH9F77.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA03C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA07C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA166.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA207.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA2F6.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA32B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA635.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA662.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA789.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA78F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA84A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHA8A9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHAA9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHAB28.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHAE02.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHAF9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB0C4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB0EC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB186.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB18C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB266.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB28F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB2FA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB35A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB3B4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB426.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB495.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB535.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB605.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB69D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB6F4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB75B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB854.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHB883.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBB1F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBBA0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBC8A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBD5E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBD93.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBDBF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBE0A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBE17.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBE3D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBE44.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBE9B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBF11.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHBFCB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC2F5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC362.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC3DB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC5B7.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC6EC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC7EA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC7F5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC843.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHC885.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHCB17.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHCB5F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHCC42.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHCD38.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHCFDC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD09.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD0E4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD1AC.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD1EE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD268.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD385.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD392.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD412.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD46F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD4A0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD542.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD714.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD78E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD7C3.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD812.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHD9D8.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDA2E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDA8B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDBC4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDBE9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDC1.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDC7A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDCCD.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDD7D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHDD91.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE027.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE141.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE1BE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE288.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE5B4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE5E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE612.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE627.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE68B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE79F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE7AF.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE7D0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE94F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE95A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHE9FE.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHEA6D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHEA93.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHECE0.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHEFCA.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHEFDB.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF006.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF11F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF19C.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF19D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF212.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF2D2.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF422.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF4F4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF61F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF68E.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF698.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF6C9.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF707.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF72F.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF746.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF7F4.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF962.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHF9A.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFA00.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFA7D.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFAB5.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFC0B.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFD98.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFE49.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFE50.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFF45.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DWHFF85.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\e4j4BE7.tmp_dir6702\exe4jlib.jar deleted successfully.
C:\Users\Owner\AppData\Local\Temp\e4j4BE7.tmp_dir6702\i4jdel.exe deleted successfully.
C:\Users\Owner\AppData\Local\Temp\e4j4BE7.tmp_dir6702 folder deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4125.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4126.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4136.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4137.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4148.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4187.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4188.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\lil4189.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\NDF14E7.tmp deleted successfully.
C:\Users\Owner\AppData\Local\Temp\TCDA95A.tmp folder deleted successfully.
C:\Users\Owner\AppData\Local\Temp\TCDCCBC.tmp folder deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~DF4B08866798E6338F.TMP deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~DF6A4A729EE3FB236C.TMP deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~DFAA6AF18066F6D857.TMP deleted successfully.
C:\Windows\Temp\avg-d9701e0c-d248-4c37-8aa5-68426df60c25.tmp deleted successfully.
[File - Lop Check]
C:\Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8 folder moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 99671487 bytes
->Temporary Internet Files folder emptied: 24098141 bytes
->Java cache emptied: 7614724 bytes
->FireFox cache emptied: 87760464 bytes
->Flash cache emptied: 51931 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6763506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 216.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.41.0 fix logfile created on 01122011_144854

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Results from GMER.log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-12 15:55:17
Windows 6.1.7600
Running: 66mqypom.exe


---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

Results from OTL.txt

OTL logfile created on: 1/12/2011 4:01:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 372.68 Gb Free Space | 82.61% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Raptr\raptr.exe ()
PRC - C:\Program Files (x86)\Raptr\raptr_im.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe ()
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (FastBootAgent) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (NETw1v64) Intel® -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://antivirus.vt.edu
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/08/10 11:41:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 22:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/01/09 16:38:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/25 10:55:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/25 10:55:59 | 000,000,000 | ---D | M]

[2010/02/21 19:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/01/11 18:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions
[2010/12/23 22:53:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/23 22:53:15 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/12/23 22:53:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/09 19:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/25 10:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Epson Stylus NX420(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGCA.EXE File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/12 15:59:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/12 14:48:54 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/01/11 19:11:32 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTS.exe
[2011/01/10 18:23:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/01/10 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/01/09 18:15:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/01/09 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/01/09 16:43:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/09 16:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/01/09 16:42:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/01/09 16:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/09 16:38:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/01/09 16:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/01/09 16:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/27 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/27 10:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/27 10:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/27 10:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2010/12/27 10:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/25 01:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/23 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Registry Backup
[2010/12/16 18:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

========== Files - Modified Within 30 Days ==========

[2011/01/12 15:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/12 15:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job
[2011/01/12 15:21:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 15:21:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 15:17:46 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\66mqypom.exe
[2011/01/12 15:17:37 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\sskkly7f.exe
[2011/01/12 14:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 14:52:24 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/12 14:45:50 | 000,641,507 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/01/12 11:15:04 | 104,088,051 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/01/12 00:23:11 | 000,247,188 | ---- | M] () -- C:\Users\Owner\Desktop\OTS settings screen shot.jpg
[2011/01/12 00:19:22 | 000,206,438 | ---- | M] () -- C:\Users\Owner\Desktop\AVG Alerts.jpg
[2011/01/12 00:13:45 | 000,073,406 | ---- | M] () -- C:\Users\Owner\Desktop\Symantec Screenshot.jpg
[2011/01/11 21:59:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job
[2011/01/11 19:11:41 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTS.exe
[2011/01/11 12:39:24 | 000,000,710 | ---- | M] () -- C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf
[2011/01/11 12:26:47 | 000,001,294 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/01/10 16:22:29 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/10 16:22:29 | 000,631,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/10 16:22:29 | 000,109,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/10 16:22:05 | 000,029,237 | ---- | M] () -- C:\Users\Owner\Desktop\s&c return label.png
[2011/01/09 16:42:20 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/01/09 16:42:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/01/09 16:42:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/01/09 16:42:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/01/05 12:01:55 | 000,018,986 | ---- | M] () -- C:\Users\Owner\Desktop\To Do 12.21.2010.docx
[2010/12/27 10:26:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/25 10:54:55 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/25 03:50:03 | 004,983,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/25 01:24:06 | 000,001,284 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/25 01:24:06 | 000,001,260 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/23 23:04:42 | 000,000,024 | ---- | M] () -- C:\ProgramData\CinemaNowSvc.ini
[2010/12/23 16:20:36 | 000,007,602 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2010/12/16 16:26:24 | 000,016,312 | ---- | M] () -- C:\Users\Owner\Desktop\To Do 12.16.2010.docx
[2010/12/16 11:10:05 | 000,000,373 | ---- | M] () -- C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf
[2010/12/15 13:36:50 | 000,015,238 | ---- | M] () -- C:\Users\Owner\Desktop\To Do List.docx

========== Files Created - No Company Name ==========

[2011/01/12 15:17:45 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\66mqypom.exe
[2011/01/12 15:17:35 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\sskkly7f.exe
[2011/01/12 14:45:50 | 000,641,507 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/01/12 11:15:04 | 104,088,051 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/01/12 00:23:10 | 000,247,188 | ---- | C] () -- C:\Users\Owner\Desktop\OTS settings screen shot.jpg
[2011/01/12 00:19:22 | 000,206,438 | ---- | C] () -- C:\Users\Owner\Desktop\AVG Alerts.jpg
[2011/01/12 00:13:44 | 000,073,406 | ---- | C] () -- C:\Users\Owner\Desktop\Symantec Screenshot.jpg
[2011/01/11 12:39:24 | 000,000,710 | ---- | C] () -- C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf
[2011/01/10 18:23:06 | 000,001,294 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/01/10 16:22:04 | 000,029,237 | ---- | C] () -- C:\Users\Owner\Desktop\s&c return label.png
[2011/01/09 16:42:20 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/01/09 16:42:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/01/09 16:42:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/01/09 16:42:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/12/27 10:18:38 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/25 10:54:55 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/25 01:24:06 | 000,001,284 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/25 01:24:06 | 000,001,260 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/23 16:20:36 | 000,007,602 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2010/12/21 08:40:43 | 000,018,986 | ---- | C] () -- C:\Users\Owner\Desktop\To Do 12.21.2010.docx
[2010/12/16 11:24:01 | 000,016,312 | ---- | C] () -- C:\Users\Owner\Desktop\To Do 12.16.2010.docx
[2010/12/16 11:10:05 | 000,000,373 | ---- | C] () -- C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf
[2010/11/14 19:48:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/10 13:49:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/10/10 00:19:30 | 000,076,407 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Smiley.ico
[2010/08/17 21:52:21 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Cgiteqal.dat
[2010/08/17 21:52:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Hnisoxew.bin
[2010/08/13 08:13:52 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/12 16:46:21 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/30 20:34:07 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/30 20:27:35 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2010/03/28 20:28:41 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2010/02/15 18:14:27 | 000,000,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/01/20 23:54:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/19 13:33:41 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/09/17 10:24:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/09/17 10:03:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/17 10:02:46 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/19 03:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/01 20:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== LOP Check ==========

[2011/01/09 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/01/06 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2010/11/11 16:42:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Echo Software
[2010/11/17 14:07:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EndNote
[2010/09/08 15:23:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2011/01/10 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2010/12/23 22:53:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2010/07/30 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leader Technologies
[2010/07/30 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/12/23 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2011/01/10 11:11:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PrimoPDF
[2011/01/12 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Raptr
[2010/02/15 18:14:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/10/13 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/07/14 00:08:49 | 000,023,186 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP >

< %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe >

< %Windir%\pchealth\helpctr\System\ErrMsg\*.exe >

< %Windir%\pchealth\helpctr\System\errors\*.exe >

< %Temp%\IXP000.TMP\*.exe >

< %AppData%\*.dat >
[2010/02/15 18:14:49 | 000,000,108 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

< %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.* >

< c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.* >

< %UserProfile%\Microsoft\*.* >

< %Windir%\Windows\*.* >

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/04 14:38:49 | 000,001,718 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %APPDATA%\Microsoft\ /s >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/10 21:58:30 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/12 15:17:46 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\66mqypom.exe
[2011/01/12 15:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/11 19:11:41 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTS.exe
[2011/01/12 15:17:37 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\sskkly7f.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/18 22:53:01 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/08/13 11:48:28 | 000,072,080 | ---- | M] () -- C:\Users\Owner\g2mdlhlpx.exe
[2010/09/27 09:20:40 | 000,103,784 | ---- | M] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe /x >
[2010/12/25 10:55:41 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\.autoreg
[2010/12/25 10:55:41 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
[2010/12/25 10:55:41 | 000,002,129 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\application.ini
[2010/12/25 10:55:41 | 000,004,137 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\blocklist.xml
[2010/12/25 10:55:41 | 000,000,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\browserconfig.properties
[2010/12/25 10:55:45 | 000,000,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
[2010/12/25 10:55:45 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini
[2010/12/25 10:55:45 | 000,000,115 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\dependentlibs.list
[2010/12/25 10:55:45 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\freebl3.chk
[2010/12/25 10:55:45 | 000,249,856 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
[2010/02/21 19:39:51 | 000,051,796 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\install.log
[2010/12/25 10:55:45 | 001,017,304 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
[2010/12/25 10:55:41 | 000,031,393 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\LICENSE
[2010/12/25 10:55:46 | 000,719,832 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
[2010/12/25 10:55:46 | 000,719,832 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll
[2010/12/25 10:55:46 | 000,203,736 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
[2010/12/25 10:55:46 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
[2010/12/25 10:55:46 | 000,343,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
[2010/12/25 10:55:46 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.chk
[2010/12/25 10:55:46 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
[2010/12/25 10:55:46 | 000,089,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
[2010/12/25 10:55:46 | 000,000,142 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\platform.ini
[2010/12/25 10:55:46 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
[2010/12/25 10:55:46 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
[2010/12/25 10:55:41 | 000,000,181 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\README.txt
[2010/12/25 10:55:47 | 000,016,246 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\removed-files
[2010/12/25 10:55:47 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
[2010/12/25 10:55:47 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\softokn3.chk
[2010/12/25 10:55:47 | 000,155,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
[2010/12/25 10:55:47 | 000,492,504 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
[2010/12/25 10:55:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
[2010/12/25 10:55:47 | 000,000,006 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\update.locale
[2010/12/25 10:55:48 | 000,000,707 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\updater.ini
[2010/12/25 10:55:48 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
[2010/12/25 10:55:50 | 011,775,448 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll

< %ProgramFiles%\Microsoft Common\*.* >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/08 09:46:19 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/23 23:04:42 | 000,000,024 | ---- | M] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/09/17 10:03:35 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/17 10:02:59 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %USERPROFILE%\Cookies\*.txt /x >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\Computers\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >

Results from OTL Extras.txt
OTL Extras logfile created on: 1/12/2011 4:01:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 372.68 Gb Free Space | 82.61% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FDA65E4-7C46-49AA-9721-A734125D68F3}" = Symantec Endpoint Protection
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{544974E3-D015-401C-900C-E5D137BC930E}" = AVG 2011
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A16656CE-4B17-4484-A13F-22B9500E5223}" = Fast Boot
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F1A2AD-A1CE-4D9D-B510-31F280B45E0B}" = Microsoft Expression Encoder 3
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"conduitEngine" = Conduit Engine
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.5.1
"InFlac" = InFlac 1.1.1
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"jZip" = jZip
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LTCM Client" = LTCM Client
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Raptr" = Raptr
"RealPlayer 12.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VLC media player" = VLC media player 1.1.4
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"SEPVersion" = VT-SEPVersion checks for latest updates of Symantec Endpoint Protection
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2010 4:17:10 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2010 4:17:10 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13273735

Error - 7/21/2010 4:17:10 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13273735

Error - 7/21/2010 4:17:11 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2010 4:17:11 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13274733

Error - 7/21/2010 4:17:11 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13274733

Error - 7/21/2010 4:17:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2010 4:17:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13275732

Error - 7/21/2010 4:17:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13275732

Error - 7/21/2010 4:17:13 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 8/2/2010 10:51:04 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:50:59 PM - Error connecting to the internet. 10:50:59 PM - Unable
to contact server..

Error - 8/3/2010 4:28:44 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:28:44 AM - Error connecting to the internet. 4:28:44 AM - Unable
to contact server..

Error - 8/3/2010 12:34:40 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:28:49 AM - Error connecting to the internet. 4:28:49 AM - Unable
to contact server..

Error - 10/3/2010 12:44:51 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:44:43 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 10/13/2010 1:08:48 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:08:48 PM - Error connecting to the internet. 1:08:48 PM - Unable
to contact server..

Error - 10/13/2010 1:09:39 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:09:35 PM - Error connecting to the internet. 1:09:35 PM - Unable
to contact server..

Error - 10/13/2010 2:11:06 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 2:11:05 PM - Error connecting to the internet. 2:11:05 PM - Unable
to contact server..

Error - 10/13/2010 2:11:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 2:11:53 PM - Error connecting to the internet. 2:11:53 PM - Unable
to contact server..

Error - 10/20/2010 1:02:13 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:02:13 AM - Error connecting to the internet. 1:02:13 AM - Unable
to contact server..

Error - 10/20/2010 1:02:50 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:02:45 AM - Error connecting to the internet. 1:02:45 AM - Unable
to contact server..

[ System Events ]
Error - 12/1/2010 1:45:38 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 172.31.80.195. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/1/2010 2:13:28 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/1/2010 2:13:31 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/1/2010 3:33:30 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/1/2010 9:23:24 PM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 12/1/2010 10:38:17 PM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 12/1/2010 10:40:14 PM | Computer Name = Owner-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume D: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 12/2/2010 8:58:26 AM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 172.31.119.50. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/2/2010 8:58:29 AM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 172.31.119.50. The computer with the IP address 198.82.162.243 did
not allow the name to be claimed by this computer.

Error - 12/2/2010 12:41:04 PM | Computer Name = Owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.


< End of report >

Thank you again for your help : )

#4 SweetTech (Sir SpamAlot), Retired Staff, 7,671 posts

Hello,

How are things running?

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
    O4 - HKCU..\Run: [Epson Stylus NX420(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGCA.EXE File not found
    [2011/01/12 15:17:46 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\66mqypom.exe
    [2011/01/12 15:17:37 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\sskkly7f.exe
    [2011/01/12 15:17:45 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\66mqypom.exe
    [2011/01/12 15:17:35 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\sskkly7f.exe
    [2010/08/17 21:52:21 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Cgiteqal.dat
    [2010/08/17 21:52:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Hnisoxew.bin
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#5 kksteine (Member, Topic Starter), 28 posts

SweetTech - here are the results from the four steps you suggested:

Results from the OTS fix

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Epson Stylus NX420(Network) deleted successfully.
C:\Users\Owner\Desktop\66mqypom.exe moved successfully.
C:\Users\Owner\Desktop\sskkly7f.exe moved successfully.
File C:\Users\Owner\Desktop\66mqypom.exe not found.
File C:\Users\Owner\Desktop\sskkly7f.exe not found.
C:\Users\Owner\AppData\Local\Cgiteqal.dat moved successfully.
C:\Users\Owner\AppData\Local\Hnisoxew.bin moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 687415 bytes
->Temporary Internet Files folder emptied: 197966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35473488 bytes
->Flash cache emptied: 611 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01122011_163759

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Results from malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/12/2011 5:15:24 PM
mbam-log-2011-01-12 (17-15-24).txt

Scan type: Quick scan
Objects scanned: 158333
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results from ESET scan

C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Users\Owner\AppData\Roaming\OpenCandy\OpenCandy_91E2156124F041F3BD368B2A6A684D5D\registrybooster(7).exe a variant of Win32/RegistryBooster application
C:\_OTS\MovedFiles\01122011_144854\C_Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application



Results from System Security Check

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.0 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


Also, AVG and Symantec have both gone on another rampage of showing the quarantined infected temp files. It seems to take a while after re-booting for the programs to start showing these infected files. It is never right away. If I try to close the boxes, however, they just re-open immediately with more infected temp files.

thanks again so much for your help

kksteine

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello kksteine,

How are you doing on this fine day?

In this post, we will be addressing the items from your latest post to me.

Your MBAM log was clean. :D

The ESET Online Virus Scanner did find a few things:

C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Users\Owner\AppData\Roaming\OpenCandy\OpenCandy_91E2156124F041F3BD368B2A6A684D5D\registrybooster(7).exe a variant of Win32/RegistryBooster application

This is being detected because this is a program related to boosting the registry. These are not programs that I personally recommend using.

C:\_OTS\MovedFiles\01122011_144854\C_Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application

This is currently in quarantine, and we will deal with it once we clean up our tools.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt Users

Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



What Anti-Virus program do you plan on using? Norton or AVG? It's not recommended to be running more than one Anti-Virus program.

#7
kksteine

kksteine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Good evening SweetTech!

My day was pretty good, thank you. I hope yours was as well :-)

I successfully updated the Adobe and Java programs.

I plan to stay with the Symantec Endpoint Protection. Should I delete AVG? I was actually just trying it out right now anyway. Also, these other programs are on my computer:

SuperAntiSpyware
Spybot Search & Destroy
McAfee Security Scan Plus
malwarebytes
Uniblue registry booster

Which of these would be best to uninstall, or can I uninstall all of them?

Also, Raptr client keeps trying to update on my hard drive, but I'm not sure what it is or why I have it. I have been avoiding allowing it to update because I was afraid it was infected. Is it safe to uninstall, or is it something I need?

thanks

kksteine

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello kksteine,

Yes, my day was good.

Glad to hear that the updates went well.

Let's remove AVG then.

After removing it download and run this tool:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.


NEXT:



If you don't use SuperAntiSpyware, Spybot Search & Destroy, McAfee Security Scan Plus, and UniBlue Registry Booster then I'd uninstall them.

I would keep MalwareBytes' Anti-Malware. It's an excellent program to use.


Raptr Client seems to be some sort of program to see what your friends are playing on their Xbox, PS3, Steam, etc.

I've never heard of it before. But from what I'm able to find it doesn't seem to be a program that is necessary to have installed.

#9
kksteine

kksteine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I think everything has been un-installed except for a couple of things:

Uniblue registry booster 'can not be found' to be un-installed.

Spybot components could not be removed and will need to be removed manually. I just don't know what components they were referring to.

kksteine

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello kksteine,

How are you doing today?

I'd like to ask that you download a program called RevoUninstaller, and see if that will allow you to remove UniBlue Registry Booster as well as Spybot.

RevoUninstaller
Download and install Revo Uninstaller
  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.



If it doesn't, then I will attempt to remove it manually.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following bolded text into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP
    %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe
    %Windir%\pchealth\helpctr\System\ErrMsg\*.exe
    %Windir%\pchealth\helpctr\System\errors\*.exe
    %AppData%\*.manifest
    %FontsDir%\*.com /30
    %systemroot%\Config\*.*
    %Temp%\IXP000.TMP\*.exe
    %AppData%\*.dat
    %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.*
    c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.*
    %UserProfile%\Microsoft\*.*
    %Windir%\Windows\*.*
    %System%\Update\*.exe
    %System%\Update\*.dat
    %System%\adobe*.exe
    %System%\NEV*.*
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %APPDATA%\Microsoft\ /s
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.bat
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\Computers\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.

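The custom scan above produces an OTL log whose O1 (Hosts), O2 (BHO) and O4 (Run) lines follow a fixed layout. As an added triage helper, not part of OldTimer's OTL or of this thread's own tooling, the script below parses those lines and flags what a helper would look at first: autoruns pointing at a missing file, BHO registrations with no CLSID, entries with no company name, and HOSTS mappings other than localhost. The sample lines are constructed to mirror the layout of the log posted in this thread.

```python
"""Triage helper for OTL-style log lines: O1 (Hosts), O2 (BHO) and O4 (Run).

Added example for this thread; it is not part of OldTimer's OTL, and the
sample lines at the bottom are constructed to mirror the log's layout.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)      (":64bit:" is optional)
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# O2 - BHO: (Name) - {CLSID} - C:\path\x.dll (Company)   or   "- No CLSID value found."
O2_RE = re.compile(
    r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)$")
# OTL appends "(Company)" to a path; "C:\Program Files (x86)\..." contains
# parentheses too, so only the parenthesised group at the very end is the company.
COMPANY_RE = re.compile(r"^(?P<path>.*)\s\((?P<company>[^()]*)\)$")


@dataclass
class Finding:
    line_type: str   # "O1", "O2" or "O4"
    item: str        # autorun name, BHO CLSID/name, or the hosts mapping
    reason: str


def split_company(rest: str) -> Tuple[str, Optional[str]]:
    """Return (path, company); company is None when no trailing '(...)' exists."""
    m = COMPANY_RE.match(rest)
    if not m:
        return rest, None
    return m.group("path"), m.group("company").strip()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line if it merits review, else None."""
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        path, company = split_company(m.group("rest"))
        if path.endswith("File not found"):
            return Finding("O4", m.group("name"), "autorun points at a missing file (orphaned entry)")
        if company == "":
            return Finding("O4", m.group("name"), f"autorun with no company name: {path}")
        return None
    m = O2_RE.match(line)
    if m:
        if m.group("rest").startswith("No CLSID value found"):
            return Finding("O2", m.group("clsid"), "BHO registered without a CLSID (orphaned registration)")
        path, company = split_company(m.group("rest"))
        if company == "":
            return Finding("O2", m.group("name"), f"BHO with no company name: {path}")
        return None
    m = O1_RE.match(line)
    if m:
        # Only the two loopback-to-localhost lines are expected after a HOSTS reset.
        if not (m.group("host") == "localhost" and m.group("addr") in ("127.0.0.1", "::1")):
            return Finding("O1", f"{m.group('addr')} {m.group('host')}", "non-default HOSTS mapping")
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


# Constructed sample in OTL's layout (the hosts mapping and the two flagged
# autoruns are invented; the paths imitate real entries from the thread's log).
SAMPLE_LOG = r"""O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 some-site.invalid
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [WirelessConsole] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type}  {f.item}: {f.reason}")
```

A flagged entry is a review prompt, not a verdict: an orphaned Run value or an empty company name is common after a sloppy uninstall, which is why the thread's helper cross-checks each one before writing a fix.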

#11
kksteine

kksteine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Good afternoon SweetTech!

Uniblue could not be uninstalled because 'it does not exist' but it is still in my program list. The program you recommended deleted a lot of left over registry entries and files though. Spybot was not on the list of programs because it has been uninstalled; there was just a warning that there are left over files that would have to be manually deleted.

OTL Scan Results

OTL logfile created on: 1/14/2011 1:22:59 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop\Trojan Horse Removal Tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 370.53 Gb Free Space | 82.14% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\Trojan Horse Removal Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe ()
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\Trojan Horse Removal Tools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FastBootAgent) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (NETw1v64) Intel® -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110113.018\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110113.018\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://antivirus.vt.edu
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 22:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/25 10:55:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/13 19:32:20 | 000,000,000 | ---D | M]

[2010/02/21 19:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/01/13 19:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions
[2011/01/13 08:32:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/13 19:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/25 10:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/13 19:32:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/13 19:31:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/01/12 16:38:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/14 13:16:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2011/01/14 13:16:00 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2011/01/14 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/14 13:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/14 13:11:43 | 007,783,072 | ---- | C] (VS Revo Group ) -- C:\Users\Owner\Desktop\RevoUninProSetup.exe
[2011/01/14 09:48:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/13 20:31:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/13 19:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/01/13 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010 Taxes
[2011/01/13 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/01/13 16:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/01/13 16:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/01/13 16:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/01/13 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/01/12 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Trojan Horse Removal Tools
[2011/01/12 17:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/01/12 17:08:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/01/12 17:08:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/12 17:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/12 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/12 17:08:13 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/12 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/12 16:37:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/12 14:48:54 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/01/10 18:23:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/01/10 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/01/09 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/01/09 16:43:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/09 16:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/09 16:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/01/09 16:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/27 10:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/23 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Registry Backup
[2010/12/16 18:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

========== Files - Modified Within 30 Days ==========

[2011/01/14 13:16:01 | 000,000,999 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/14 13:16:01 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/01/14 13:12:06 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Users\Owner\Desktop\RevoUninProSetup.exe
[2011/01/14 12:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job
[2011/01/14 11:58:01 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 11:58:01 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 11:32:59 | 000,000,416 | ---- | M] () -- C:\Users\Owner\Documents\ChatLog Spencer 2011_01_14 11_32.rtf
[2011/01/14 10:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/14 10:06:21 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 09:48:13 | 635,194,671 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/14 09:43:52 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/01/13 21:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job
[2011/01/13 16:38:17 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/13 16:35:46 | 000,001,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/01/13 16:35:45 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/01/13 08:44:35 | 000,000,162 | -H-- | M] () -- C:\Users\Owner\Desktop\~$ Do 12.16.2010.docx
[2011/01/12 16:38:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/11 12:26:47 | 000,001,294 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/01/10 16:22:29 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/10 16:22:29 | 000,631,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/10 16:22:29 | 000,109,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/05 12:01:55 | 000,018,986 | ---- | M] () -- C:\Users\Owner\Desktop\To Do 12.21.2010.docx
[2010/12/25 10:54:55 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/25 03:50:03 | 004,983,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/23 23:04:42 | 000,000,024 | ---- | M] () -- C:\ProgramData\CinemaNowSvc.ini
[2010/12/23 16:20:36 | 000,007,602 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 16:26:24 | 000,016,312 | ---- | M] () -- C:\Users\Owner\Desktop\To Do 12.16.2010.docx
[2010/12/15 13:36:50 | 000,015,238 | ---- | M] () -- C:\Users\Owner\Desktop\To Do List.docx

========== Files Created - No Company Name ==========

[2011/01/14 13:16:01 | 000,000,999 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/14 13:16:01 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/01/14 11:32:59 | 000,000,416 | ---- | C] () -- C:\Users\Owner\Documents\ChatLog Spencer 2011_01_14 11_32.rtf
[2011/01/14 09:48:13 | 635,194,671 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/13 16:38:17 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/13 16:35:46 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/01/13 16:35:45 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/01/13 08:44:35 | 000,000,162 | -H-- | C] () -- C:\Users\Owner\Desktop\~$ Do 12.16.2010.docx
[2011/01/10 18:23:06 | 000,001,294 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/12/25 10:54:55 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/23 16:20:36 | 000,007,602 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2010/12/21 08:40:43 | 000,018,986 | ---- | C] () -- C:\Users\Owner\Desktop\To Do 12.21.2010.docx
[2010/12/16 11:24:01 | 000,016,312 | ---- | C] () -- C:\Users\Owner\Desktop\To Do 12.16.2010.docx
[2010/11/14 19:48:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/10 13:49:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/10/10 00:19:30 | 000,076,407 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Smiley.ico
[2010/08/13 08:13:52 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/12 16:46:21 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/30 20:34:07 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/30 20:27:35 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2010/03/28 20:28:41 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2010/02/15 18:14:27 | 000,000,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/01/20 23:54:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/19 13:33:41 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/09/17 10:24:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/09/17 10:03:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/17 10:02:46 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/19 03:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/01 20:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== LOP Check ==========

[2011/01/09 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/01/06 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2010/11/11 16:42:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Echo Software
[2010/11/17 14:07:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EndNote
[2010/09/08 15:23:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2011/01/10 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2010/12/23 22:53:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2010/07/30 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leader Technologies
[2010/07/30 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/12/23 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2011/01/14 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PrimoPDF
[2011/01/13 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Raptr
[2010/02/15 18:14:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/10/13 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/07/14 00:08:49 | 000,025,188 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP >

< %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe >

< %Windir%\pchealth\helpctr\System\ErrMsg\*.exe >

< %Windir%\pchealth\helpctr\System\errors\*.exe >

< %AppData%\*.manifest >

Invalid Environment Variable: FontsDir

< %systemroot%\Config\*.* >

< %Temp%\IXP000.TMP\*.exe >

< %AppData%\*.dat >
[2010/02/15 18:14:49 | 000,000,108 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

< %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.* >

< c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.* >

< %UserProfile%\Microsoft\*.* >

< %Windir%\Windows\*.* >

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/04 14:38:49 | 000,001,718 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %APPDATA%\Microsoft\ /s >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/10 21:58:30 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/14 13:12:06 | 007,783,072 | ---- | M] (VS Revo Group ) -- C:\Users\Owner\Desktop\RevoUninProSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/18 22:53:01 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/08/13 11:48:28 | 000,072,080 | ---- | M] () -- C:\Users\Owner\g2mdlhlpx.exe
[2010/09/27 09:20:40 | 000,103,784 | ---- | M] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.bat >

< %ProgramFiles%\Microsoft Common\*.* >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/08 09:46:19 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/23 23:04:42 | 000,000,024 | ---- | M] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/09/17 10:03:35 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/17 10:02:59 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %USERPROFILE%\Cookies\*.txt /x >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\Computers\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >

thanks,

kksteine
  • 0
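The report above is OTL's own output. As an added example for this edit (not code from OTL, OldTimer, or anyone in this thread), the Python script below parses the two line formats that make up most of such a report, the `O4` autorun entries and the `[date | size | attrs | C/M] (Company) -- path` file entries, and applies a few of the review rules a helper otherwise applies by eye: autoruns whose target no longer exists, executables reported with an empty company name, and executables sitting in user-writable locations. The sample input is a handful of lines copied from the log; the `USER_WRITABLE` path fragments and the `KNOWN_BENIGN` file names are assumptions chosen for this example, not anything OTL defines.

```python
"""Triage helper for OTL/OTS scan logs (added example, not part of OTL)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTS report earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe File not found
[2011/01/14 13:16:00 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2011/01/14 09:43:52 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/08/13 11:48:28 | 000,072,080 | ---- | M] () -- C:\Users\Owner\g2mdlhlpx.exe
[2009/09/17 10:24:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2011/01/14 10:06:21 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 20:31:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
"""

# "[date time | size | RHSD flags | C/M] (Company) -- path"; the company group
# is "()" when OTL found no version info and is absent entirely for directories.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# "O4 - HKLM..\Run: [Name] target (Company)"  or  "... target File not found"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)"
    r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption: path fragments that mark locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Assumption: OS-managed .sys files that legitimately carry no version info.
KNOWN_BENIGN = {"hiberfil.sys", "pagefile.sys"}


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def _is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def triage_line(line: str) -> list[Finding]:
    """Return the review findings for one log line (empty list if none)."""
    findings: list[Finding] = []
    m = RUN_RE.match(line)
    if m:
        target = m.group("target")
        if m.group("missing"):
            # Autorun pointing at a file that no longer exists: dead entry, clean it up.
            findings.append(Finding(target, "orphaned autorun (target missing)"))
        elif not m.group("company").strip():
            findings.append(Finding(target, "autorun with no publisher info"))
        return findings

    m = FILE_RE.match(line)
    if not m:
        return findings  # section headers, blank lines, other O-codes
    path, attrs = m.group("path"), m.group("attrs")
    name = path.rsplit("\\", 1)[-1].lower()
    if "D" in attrs or not _is_executable(path) or name in KNOWN_BENIGN:
        return findings
    if m.group("company") is not None and not m.group("company").strip():
        findings.append(Finding(path, "executable with no company name"))
    if any(frag in path.lower() for frag in USER_WRITABLE):
        findings.append(Finding(path, "executable in user-writable location"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of an OTL/OTS report."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:40s} {f.path}")
```

On the sample this flags the orphaned AdobeBridge autorun, the two files under `C:\Windows` with an empty company name, and `g2mdlhlpx.exe` twice (no company name, and it lives in the user profile), while ignoring `hiberfil.sys` and the directory entry. A "no company name" hit is a prioritisation cue, not a verdict: it tells the reviewer which files to check first, not that they are malicious.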

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Afternoon kksteine,

I have created a script to remove some leftover Spybot folders and a Uniblue folder.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://antivirus.vt.edu
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe File not found
    [2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/12/25 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/10/13 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Are you experiencing any outstanding issues?
  • 0

#14
kksteine

kksteine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
SweetTech,

I do not think I have any outstanding issues. I have not had my computer running long enough to tell for sure if the trojan horse pop-up warnings have stopped, but I think everything may be good : )

Results from Fix

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
C:\Users\Owner\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Owner\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Owner\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Owner\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Owner\AppData\Roaming\Uniblue folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\Trojan Horse Removal Tools\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\Trojan Horse Removal Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 18578678 bytes
->Temporary Internet Files folder emptied: 2354853 bytes
->Java cache emptied: 95724 bytes
->FireFox cache emptied: 75465772 bytes
->Flash cache emptied: 3999 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 31169 bytes

Total Files Cleaned = 92.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01142011_161922

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\EndNote\Templates.2868\EndNote Cwyw.dotm moved successfully.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF4BB56988E1F095C1.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFCAB201CEE7DD973A.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFCFD720A98634D875.TMP not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{6C31B46C-62EA-4012-852F-50B4B11CA2D4}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B74F6BB-360B-499A-B247-BE1E812208B8}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{571835EA-7CCC-4841-89AA-DC24C0DAE92F}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5C252582-152C-40C7-8F96-79084ED146CA}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5E16B37F-1788-416E-B336-4969B275FBCC}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6547D6B8-2131-457A-9439-EEFB76CB1FB2}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9D70BCD2-3B37-40D0-A7B7-11544A3F22B3}.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1F0E5F4-0BE1-4445-9F54-6220ED46A019}.tmp moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C6D08383-32E1-4237-9E88-523F4FCA2DA2}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\19BFED09.png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\212C2728.png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51DA12F4.png not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\738DB580.emf moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\793F9922.emf moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1F41CFF.png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A88F8903.png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E5742E65.png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED119F76.png not found!

Registry entries deleted on Reboot...


THANK YOU SO MUCH!

kksteine
  • 0

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello kksteine,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
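The "Make Internet Explorer more secure" steps above change three Internet zone settings through the GUI. As an added example (not part of SweetTech's post or any tool the thread uses), the following PowerShell script reads the same settings back from the registry and reports whether they match the recommended Prompt / Prompt / Disable state, so a user can verify the change took effect without clicking through the dialog again. It assumes Microsoft's documented registry layout for security zones: the Internet zone is key `Zones\3`, and the value names `1001`, `1004` and `1201` correspond to the three ActiveX options, with data `0` = Enable, `1` = Prompt and `3` = Disable. The script only reads; it changes nothing.

```powershell
# Added example, not from the original post: report whether the Internet zone
# ActiveX settings match the hardening recommended in the thread. Read-only.
#
# Assumed (per Microsoft's documentation of security-zone registry entries):
#   Zones\3  = Internet zone
#   1001     = Download signed ActiveX controls
#   1004     = Download unsigned ActiveX controls
#   1201     = Initialize and script ActiveX controls not marked as safe
#   data     = 0 (Enable), 1 (Prompt), 3 (Disable)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: the two download options set to Prompt,
# the "not marked as safe" option set to Disable.
$Expected = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}

$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function ConvertTo-ZoneSettingText {
    param($Data)
    if ($null -eq $Data) { return 'not set (zone default applies)' }
    $n = [int]$Data
    if ($Meaning.ContainsKey($n)) { return $Meaning[$n] }
    return "unknown ($n)"
}

function Test-IeInternetZoneActiveX {
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Zone key not found: $Path (Internet Explorer may never have been configured for this user)"
        return
    }

    # Get-ItemProperty exposes each registry value as a property named after it.
    $zone = Get-ItemProperty -Path $Path

    foreach ($valueName in ($Expected.Keys | Sort-Object)) {
        $current = $zone.$valueName
        $want    = $Expected[$valueName].Want

        [pscustomobject]@{
            Setting     = $Expected[$valueName].Name
            Current     = ConvertTo-ZoneSettingText $current
            Recommended = $Meaning[$want]
            Compliant   = ($null -ne $current -and [int]$current -eq $want)
        }
    }
}

Test-IeInternetZoneActiveX | Format-Table -AutoSize
```

A row with `Compliant` = `False` means that option still differs from what the post asked for; rerun the GUI steps rather than editing the registry by hand. If an administrator has pushed zone settings machine-wide (Internet Explorer then reads them from the HKLM counterpart of this key), pass that path to `Test-IeInternetZoneActiveX -Path` to check the values that actually apply.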