Geeks to Go
Potential Trojan / Google redirect issues

  • This topic is locked

#1 OldDetroit (New Member, 7 posts)
June 23rd edit: I'm changing a few things around to provide better info for the person who helps:

1st and foremost: I'm trying to ensure this computer is clean for an upcoming school usage in an important exam circumstance, and I'll also need to use it for banking and sensitive personal data management for a period of time... hence my paranoia.

I've run the following antivirus applications:

Current version of Norton 360--> full scans: no threats
Norton Power Eraser 2.0 (current version): no threats
Current version of Malwarebytes--> full scans: no threats
Current version of Adaware--> full scan: no threats
TDSSKiller 2.5.5.0--> no threats; one suspicious file-->C:\windows\system32\Drivers\sptd.sys, which I gather is connected to DAEMON Tools installed on my system, and not necessarily indicative of a problem?
Hitman Pro 3.5--> it detected one hit: OTL.exe, which was installed for this forum.

Within the context of these results, I'm starting to think I may be getting worked up over very little cause. If someone could confirm this for me via an examination of the OTL results below, I would be most grateful.

****

Hello, and thanks in advance for any assistance you are able to provide. This looks like a lot of work, and it's very good of you to volunteer to do this. I'm very concerned about this PC, for the sake of my personal information, as well as work/school related usages.

I'm running an ASUS laptop with an up-to-date version of Windows Vista; my browsing habits are low-risk and I haven't been downloading via peer-to-peer (or at all) for a year or more on this machine. When I first set it up 3-4 years ago, it was loaded with some questionably downloaded games and utilities. Some key generators were subsequently identified by virus scanners to contain trojans, though no active infections were detected. I use the (up-to-date) Firefox for browsing.

I believe I may be infected with one or more viruses/infections, but I'm having difficulty rooting them out.


Recent Symptoms: June 23rd edits***

1) occasional slowdown --> ***I must admit, I haven't defragged this thing in its entire lifespan. The slowdown is perhaps not unusual for the computer's age relative to what I'm using it for. It actually seems slower now that I've loaded it down with antivirals...

2) about a week and a half ago, I experienced a loss of Print Screen & copy/paste functionality. The problem cleared up after about 5 minutes and has not returned. As I understand it, loss of copy/paste ability can be related to an svchost infection?

3) ***I've since researched more into exactly what Google redirect is, and I don't seem to be experiencing redirects. The pop-up situation below was situational to a questionable computer help forum and a questionable advertising site. ***

I have just started having what I believe to be Google redirect problems, though it has only happened twice. A number of shopping and magazine sites load up (i.e. Men's Health, etc.). It does not occur with all search results.
- this has been a problem since accessing a search through ask.com for Maclean's campus guide
Malwarebytes reported this block at the moment of access for one of the advertised links:
IP-BLOCK 74.205.26.220 (Type: outgoing, Port: 49859, Process: firefox.exe)

Anyways, here is my OTL log

******

OTL logfile created on: 6/20/2011 5:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\JD\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.82% Memory free
8.17 Gb Paging File | 5.85 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 37.39 Gb Free Space | 12.54% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/20 17:11:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/01 14:11:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/11/12 14:09:42 | 000,944,752 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2009/10/30 08:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/10/12 10:02:58 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2008/07/03 10:37:24 | 000,812,952 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\RMTray.exe
PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/16 05:52:29 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/29 22:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 22:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/02/01 14:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/02/09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003/12/12 21:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 17:11:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Downloads\OTL.exe
MOD - [2011/04/28 21:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/02/18 14:26:18 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/02/18 14:26:18 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 12:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/18 14:36:03 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/30 14:07:20 | 003,580,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/06/17 20:58:14 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/06/02 22:41:55 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/08/24 09:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/07/27 15:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/19 13:49:01 | 000,174,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 02:00:36 | 000,069,376 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/31 00:00:09 | 000,744,568 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/31 00:00:09 | 000,040,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 21:39:49 | 000,432,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 23:31:23 | 000,912,504 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 03:47:10 | 000,450,680 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 22:45:33 | 000,171,128 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/21 01:59:12 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/11/09 13:03:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/01/27 19:32:21 | 000,090,632 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/06 14:53:26 | 000,018,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/08/29 22:17:36 | 000,114,696 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2008/08/15 23:15:41 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008/08/15 23:15:40 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008/08/15 12:07:53 | 000,032,392 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2008/07/11 14:16:50 | 000,015,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/06/08 20:23:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 18:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/20 23:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 23:46:55 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/18 17:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)
DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)
DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)
DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011/06/19 13:48:26 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110620.004\EX64.SYS -- (NAVEX15)
DRV - [2011/06/19 13:48:26 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/19 13:48:26 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 13:48:26 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110620.004\ENG64.SYS -- (NAVENG)
DRV - [2011/06/16 01:56:18 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/06/07 19:40:19 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/02 22:08:18 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110615.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 95 E5 EE 15 2E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/19 13:57:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/19 13:48:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/01 14:11:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 17:20:53 | 000,000,000 | ---D | M]

[2008/08/15 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2011/03/26 22:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions
[2010/12/20 15:39:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 09:14:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/21 00:07:43 | 000,000,681 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\searchplugins\ask.xml
[2011/03/24 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/18 21:38:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/06/19 13:48:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011/06/19 13:57:34 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\JD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UGC5STO1.DEFAULT\EXTENSIONS\[email protected]
[2011/05/01 14:11:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/05/02 10:51:38 | 000,305,853 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10531 more lines...
O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/18 14:13:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\{d1d421ba-317d-11e0-b9ca-0015aff82bc3}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/19 13:48:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/06/19 12:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/06/19 12:57:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/06/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/06/19 12:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/19 12:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/06/19 12:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/17 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Running man
[2011/06/17 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Kung.Fu.Panda
[2011/06/11 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\The Terminator
[2011/06/09 23:36:16 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2011/06/07 19:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/07 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/06/07 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/05/21 20:56:06 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Conan
[2011/05/21 20:54:37 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Ghost in the Darkness
[2011/05/21 20:54:14 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\A simple plan
[2011/05/21 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Clock work O
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 16:58:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 16:58:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 16:31:06 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/20 16:31:06 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/20 16:31:06 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/20 16:25:22 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/20 16:25:04 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/20 16:24:50 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/20 16:24:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 16:24:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 16:24:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/20 00:22:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/19 22:24:51 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E7F5AB7-8589-46E9-9A51-74559BBDE979}.job
[2011/06/19 16:04:56 | 000,006,656 | ---- | M] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 14:54:40 | 000,002,856 | ---- | M] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:56:54 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/19 13:56:08 | 002,734,792 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:49:01 | 000,174,200 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 13:49:01 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 13:49:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/18 15:19:56 | 002,193,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/17 18:59:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/17 17:47:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/17 17:47:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/07 19:40:19 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/07 19:40:15 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/06/07 19:31:58 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 03:26:33 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2011/05/28 03:24:36 | 000,096,768 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2011/05/28 03:24:33 | 000,710,656 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2011/05/28 03:24:04 | 000,056,832 | ---- | M] () -- C:\Windows\SysNative\licmgr10.dll
[2011/05/28 03:23:47 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/05/28 03:23:30 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2011/05/28 03:23:30 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2011/05/28 03:23:29 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2011/05/28 03:23:29 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2011/05/28 03:23:28 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2011/05/28 02:33:37 | 000,479,232 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2011/05/28 01:53:37 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/05/28 01:53:19 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/05/28 01:52:45 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/25 02:00:36 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 14:54:32 | 000,002,856 | ---- | C] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:55:27 | 002,734,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:48:54 | 000,912,504 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/19 13:48:54 | 000,744,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/19 13:48:54 | 000,450,680 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/19 13:48:54 | 000,432,760 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/06/19 13:48:54 | 000,382,584 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/19 13:48:54 | 000,171,128 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/19 13:48:54 | 000,040,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/19 13:48:54 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/06/19 13:48:54 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/19 13:48:54 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/19 13:48:54 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/19 13:48:54 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/19 13:48:54 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/19 13:48:54 | 000,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv.inf
[2011/06/19 13:48:54 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/19 13:48:54 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/19 13:48:54 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/19 13:48:54 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/19 13:48:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/19 13:48:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/06/19 12:58:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/06/19 12:58:17 | 000,174,200 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 12:58:17 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 12:58:17 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/19 12:58:10 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/17 22:58:10 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/06/17 22:58:08 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/06/17 22:58:03 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/06/17 22:58:03 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 22:58:02 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/06/17 22:58:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/06/17 22:57:59 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/06/17 22:57:57 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/06/17 22:57:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/06/17 22:57:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 22:57:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/06/17 22:57:56 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 22:57:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 22:57:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/06/17 22:57:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 22:57:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/06/17 22:57:55 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 22:57:55 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/06/17 22:57:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 22:57:54 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 22:57:54 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 22:57:53 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 22:57:52 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 22:57:51 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/06/17 22:57:42 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/06/17 22:57:24 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/06/17 22:57:23 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/06/17 22:57:03 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/06/17 22:56:42 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/06/17 22:56:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/06/17 22:56:28 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/06/17 22:56:28 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/06/17 22:56:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/06/17 22:56:18 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/06/17 17:47:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/17 17:47:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/07 22:59:12 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/06/07 19:40:19 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/07 19:31:58 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/07 19:31:49 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/06/17 17:02:03 | 000,012,306 | ---- | C] () -- C:\Windows\scunin.dat
[2009/07/25 11:02:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/07/16 10:45:52 | 000,163,169 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/07/16 10:45:52 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2009/03/02 22:04:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/24 14:30:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/02/24 14:29:13 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/02/24 14:21:54 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/02/21 21:09:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/25 16:28:17 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008/11/01 20:58:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/11/01 20:58:49 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008/11/01 20:58:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/08/16 01:25:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/15 23:11:38 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2008/08/15 23:01:59 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/15 23:01:52 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/15 21:36:36 | 000,000,732 | ---- | C] () -- C:\Users\JD\AppData\Local\d3d9caps64.dat
[2008/08/15 18:40:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2008/08/15 18:40:04 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/15 14:39:19 | 000,006,656 | ---- | C] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/15 11:50:19 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/15 11:50:19 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 23:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/04/03 11:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1998/05/06 16:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== LOP Check ==========

[2011/02/18 14:49:20 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Autodesk
[2011/06/09 06:55:54 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Azureus
[2011/05/26 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Canon
[2008/09/10 10:31:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\CoffeeCup Software
[2008/08/15 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DAEMON Tools
[2009/11/27 08:40:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DAEMON Tools Lite
[2008/12/25 16:31:21 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DisplayTune
[2009/06/06 08:14:17 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\e-on software
[2010/06/07 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Mount&Blade Warband
[2009/02/24 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\ScanSoft
[2008/11/01 21:54:01 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\SystemRequirementsLab
[2011/06/20 00:22:24 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/19 22:24:51 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5E7F5AB7-8589-46E9-9A51-74559BBDE979}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Thanks again for your help. I appreciate any assistance you can provide.

Edited by OldDetroit, 23 June 2011 - 02:22 PM.

  • 0

#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :)
My name is Michael and I am here to help you fix your computer.
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Sorry for the late reply and thanks for waiting.

Do you still need help? If yes, please post a new OTL log and tell me the symptoms your computer currently has.
  • 0

#3
OldDetroit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello, and thank you in advance.

I'm presently without access to the machine in question until probably tomorrow. Does the OTL log I posted in the topic above seem to present any issues?

In thinking objectively about the issues I've been facing, as numbered 1-3 in my initial post, the only one that still troubles me is number 2:

About 3 weeks ago, I experienced a loss of print screen & copy/paste functionality. The problem cleared up after about 5 minutes and has not returned. As I understand it, loss of copy/paste ability can be related to an svchost infection?

That said, it was a temporary issue, and I haven't been having any of the blatant signs of infection listed by other users on this site. I guess my main reason for posting is the understanding that losing copy/paste can occur as a side-effect of someone running malicious code on your system. I've run the following scanners as listed above:

Current version of Norton 360--> full scans: no threats
Norton Power Eraser 2.0 (current version): no threats
Current version of Malwarebytes--> full scans: no threats
Current version of Adaware--> full scan: no threats
TDSSKiller 2.5.5.0--> No threats: one suspicious file-->C:\windows\system32\Drivers\sptd.sys Which I gather is connected to Daemon Tools installed on my system, and not necessarily indicative of a problem?
Hitman Pro 3.5--> it detected one hit: OTL.exe which was installed for this forum.


I will post a new otl log when I get back to my place tomorrow.

Thanks again

Edited by OldDetroit, 28 June 2011 - 05:06 AM.

  • 0

#4
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Actually I can see some things that need to be fixed, not a big deal but they're still issues.
However, there's a thing that concerns me a little, but we'll investigate it after you post the fresh OTL log here :)
  • 0

#5
OldDetroit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Concerns as in intrusion concerns? I can get the log sooner; it'll be on here in about 40 mins.

Thanks
  • 0

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts

Concerns as in intrusion concerns?

No. Most of the drivers on this computer don't have a company name and sometimes this indicates a file infector infection, but that's just a possibility, so there's no need to worry yet :)
As for the log, we're not in a hurry; when you find time you can post it.
  • 0
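The "drivers without a company name" observation above is a heuristic a helper applies by eye to the OTL file lists. As an added example (not part of this thread, not OTL's own code), here is a small parser for OTL's file-list line format that automates that check: it reads the `[date | size | attrs | C/M] (company) -- path` entries, skips the registry and ADS lines, and reports executables and drivers whose company field is the empty `()`. The sample lines are copied from the log posted earlier in this thread; the `BINARY_EXT` set and the function names are my own choices. A blank company field only means the file carries no company string in its version info, so the output is a list of files to look at more closely (hash lookup, signature check), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches OTL file-list lines such as
#   PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\...\mbamgui.exe
#   [2011/06/19 12:58:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
#   [2011/06/19 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
# Registry entries (O2/O4/O18 ...) and "@Alternate Data Stream" lines do not match and are skipped.
OTL_LINE = re.compile(
    r"^(?:(?P<section>[A-Z]{3}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed set of extensions treated as executable code (my choice, not an OTL rule).
BINARY_EXT = {".sys", ".exe", ".dll", ".cpl", ".scr", ".ocx"}


@dataclass
class OtlEntry:
    section: Optional[str]   # PRC, MOD, DRV, SRV ... or None for plain file-list lines
    timestamp: str
    size: int
    attrs: str               # four-character attribute field, e.g. "---D" or "-H--"
    flag: str                # C = created, M = modified
    company: Optional[str]   # "" when the line shows "()", None when there is no company field at all
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for lines of any other format."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        section=m.group("section"),
        timestamp=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        flag=m.group("flag"),
        company=m.group("company"),
        path=m.group("path"),
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def unsigned_binaries(entries: List[OtlEntry]) -> List[str]:
    """Paths of executable files whose company field is the empty '()'."""
    return [
        e.path for e in entries
        if not e.is_directory and e.extension in BINARY_EXT and e.company == ""
    ]


def driver_company_stats(entries: List[OtlEntry]) -> Dict[str, int]:
    """How many .sys drivers appear in the log and how many of them lack a company name."""
    drivers = [e for e in entries if e.extension == ".sys"]
    blank = [e for e in drivers if e.company == ""]
    return {"drivers": len(drivers), "without_company": len(blank)}


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
[2011/06/19 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/19 12:58:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/20 16:25:04 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2009/07/25 11:02:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("drivers:", driver_company_stats(entries))
    for path in unsigned_binaries(entries):
        print("no company name:", path)
```

Run against a full OTL log the output is a short worklist; the hits that matter are the ones in `C:\Windows\System32\drivers` or `SysNative` that no installed product accounts for, and each should be checked by hash against the vendor's known-good file before anything is done with it.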

#7
OldDetroit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, so you don't think there is a likelihood of keylogging/screen capping? Sorry in advance, I'm a bit high strung about identity theft/my financials.

OTL quick scan log:

OTL logfile created on: 6/28/2011 10:24:24 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\JD\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.18% Memory free
8.18 Gb Paging File | 5.70 Gb Available in Paging File | 69.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 30.58 Gb Free Space | 10.26% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/21 18:11:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/20 17:11:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/11/12 14:09:42 | 000,944,752 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2009/10/30 08:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/27 07:36:30 | 001,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/10/12 10:02:58 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2008/07/03 10:37:24 | 000,812,952 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\RMTray.exe
PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/16 05:52:29 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/05/29 22:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 22:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/02/01 14:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/02/09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003/12/12 21:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 17:11:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
MOD - [2011/04/28 21:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/02/18 14:26:18 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/02/18 14:26:18 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 12:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/18 14:36:03 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/30 14:07:20 | 003,580,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/06/17 20:58:14 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/06/02 22:41:55 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/07/27 15:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/19 13:49:01 | 000,174,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 02:00:36 | 000,069,376 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/31 00:00:09 | 000,744,568 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/31 00:00:09 | 000,040,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 21:39:49 | 000,432,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 23:31:23 | 000,912,504 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 03:47:10 | 000,450,680 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 22:45:33 | 000,171,128 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/21 01:59:12 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/11/09 13:03:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/01/27 19:32:21 | 000,090,632 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/06 14:53:26 | 000,018,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/08/29 22:17:36 | 000,114,696 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2008/08/15 23:15:41 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008/08/15 23:15:40 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008/08/15 12:07:53 | 000,032,392 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2008/07/11 14:16:50 | 000,015,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/06/08 20:23:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 18:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/20 23:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 23:46:55 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/18 17:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)
DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)
DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)
DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011/06/19 13:48:26 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110625.002\EX64.SYS -- (NAVEX15)
DRV - [2011/06/19 13:48:26 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/19 13:48:26 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 13:48:26 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110625.002\ENG64.SYS -- (NAVENG)
DRV - [2011/06/16 01:56:18 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/06/07 19:40:19 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/02 22:08:18 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 95 E5 EE 15 2E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/22 16:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/19 13:48:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/21 18:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/24 21:39:38 | 000,000,000 | ---D | M]

[2008/08/15 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2011/03/26 22:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions
[2010/12/20 15:39:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 09:14:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/21 00:07:43 | 000,000,681 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\searchplugins\ask.xml
[2011/06/24 21:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/18 21:38:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/24 21:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/19 13:48:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011/06/22 16:19:50 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\JD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UGC5STO1.DEFAULT\EXTENSIONS\[email protected]
[2011/06/21 18:11:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/24 21:39:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/05/02 10:51:38 | 000,305,853 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10531 more lines...
O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/18 14:13:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\{d1d421ba-317d-11e0-b9ca-0015aff82bc3}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 10:23:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2011/06/25 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Green.Lantern.2011.TS.FIXED.XVID.AC3.HQ.Hive-CM8
[2011/06/25 20:40:48 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Super 8 2011 TS XViD v2 - IMAGiNE
[2011/06/24 21:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/23 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\TDSSKiller
[2011/06/22 21:10:10 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Users\JD\Desktop\NPE.exe
[2011/06/22 18:14:20 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\NPE
[2011/06/21 07:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/06/21 07:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 07:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/19 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/19 13:48:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/06/19 12:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/06/19 12:57:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/06/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/06/19 12:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/19 12:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/06/19 12:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/17 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Limitless.2011.720p.RC.BDRip.XviD.LiNE.AC3-FLAWL3SS
[2011/06/17 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Kung.Fu.Panda.2.2011.TS.V2.XViD-EP1C
[2011/06/11 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\The Lincoln Lawyer 2011 720p BRRiP LiNE XViD - IMAGiNE
[2011/06/09 23:36:16 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2011/06/07 19:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/07 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/06/07 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 10:23:49 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/28 10:21:25 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/28 10:21:25 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/28 10:21:25 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/28 10:19:31 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E7F5AB7-8589-46E9-9A51-74559BBDE979}.job
[2011/06/28 10:19:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 10:19:29 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/28 10:15:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 10:15:13 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/28 10:15:12 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/28 10:14:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 10:14:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 10:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/25 22:40:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/25 20:58:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 20:47:18 | 000,009,216 | ---- | M] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 18:12:08 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Users\JD\Desktop\NPE.exe
[2011/06/21 07:23:40 | 000,001,186 | ---- | M] () -- C:\Users\JD\Desktop\hitmanprolog.xml
[2011/06/21 07:09:37 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/21 07:07:10 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/20 17:11:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2011/06/19 14:54:40 | 000,002,856 | ---- | M] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:56:54 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/19 13:56:08 | 002,734,792 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:49:01 | 000,174,200 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 13:49:01 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 13:49:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/18 15:19:56 | 002,193,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/17 18:59:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/07 19:40:19 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/07 19:40:15 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/06/07 19:31:58 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 07:23:40 | 000,001,186 | ---- | C] () -- C:\Users\JD\Desktop\hitmanprolog.xml
[2011/06/21 07:09:37 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/21 07:07:10 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 14:54:32 | 000,002,856 | ---- | C] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:55:27 | 002,734,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:48:54 | 000,912,504 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/19 13:48:54 | 000,744,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/19 13:48:54 | 000,450,680 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/19 13:48:54 | 000,432,760 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/06/19 13:48:54 | 000,382,584 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/19 13:48:54 | 000,171,128 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/19 13:48:54 | 000,040,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/19 13:48:54 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/06/19 13:48:54 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/19 13:48:54 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/19 13:48:54 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/19 13:48:54 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/19 13:48:54 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/19 13:48:54 | 000,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv.inf
[2011/06/19 13:48:54 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/19 13:48:54 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/19 13:48:54 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/19 13:48:54 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/19 13:48:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/19 13:48:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/06/19 12:58:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/06/19 12:58:17 | 000,174,200 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 12:58:17 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 12:58:17 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/19 12:58:10 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/17 22:58:10 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/06/17 22:58:08 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/06/17 22:58:03 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/06/17 22:58:03 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 22:58:02 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/06/17 22:58:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/06/17 22:57:59 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/06/17 22:57:57 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/06/17 22:57:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/06/17 22:57:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 22:57:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/06/17 22:57:56 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 22:57:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 22:57:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/06/17 22:57:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 22:57:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/06/17 22:57:55 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 22:57:55 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/06/17 22:57:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 22:57:54 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 22:57:54 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 22:57:53 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 22:57:52 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 22:57:51 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/06/17 22:57:42 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/06/17 22:57:24 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/06/17 22:57:23 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/06/17 22:57:03 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/06/17 22:56:42 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/06/17 22:56:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/06/17 22:56:28 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/06/17 22:56:28 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/06/17 22:56:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/06/17 22:56:18 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/06/17 17:47:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/17 17:47:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/07 22:59:12 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/06/07 19:40:19 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/07 19:31:58 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/07 19:31:49 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/06/17 17:02:03 | 000,012,306 | ---- | C] () -- C:\Windows\scunin.dat
[2009/07/25 11:02:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/07/16 10:45:52 | 000,163,169 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/07/16 10:45:52 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2009/03/02 22:04:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/24 14:30:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/02/24 14:29:13 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/02/24 14:21:54 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/02/21 21:09:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/25 16:28:17 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008/11/01 20:58:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/11/01 20:58:49 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008/11/01 20:58:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/08/16 01:25:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/15 23:11:38 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2008/08/15 23:01:59 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/15 23:01:52 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/15 21:36:36 | 000,000,732 | ---- | C] () -- C:\Users\JD\AppData\Local\d3d9caps64.dat
[2008/08/15 18:40:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2008/08/15 18:40:04 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/15 14:39:19 | 000,009,216 | ---- | C] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/15 11:50:19 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/15 11:50:19 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 23:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/04/03 11:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1998/05/06 16:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== LOP Check ==========

[2011/02/18 14:49:20 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Autodesk
[2011/06/09 06:55:54 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Azureus
[2011/05/26 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Canon
[2008/09/10 10:31:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\CoffeeCup Software
[2008/08/15 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DAEMON Tools
[2009/11/27 08:40:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DAEMON Tools Lite
[2008/12/25 16:31:21 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DisplayTune
[2009/06/06 08:14:17 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\e-on software
[2010/06/07 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Mount&Blade Warband
[2009/02/24 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\ScanSoft
[2008/11/01 21:54:01 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\SystemRequirementsLab
[2011/06/25 22:40:49 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/28 10:19:31 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5E7F5AB7-8589-46E9-9A51-74559BBDE979}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#8
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

You have many security programs that use a lot of system resources without providing extra protection, and they may cause conflicts. Please uninstall:

Norton 360
Askbar
Registry Mechanic
Hitman Pro
Ad-Aware




Next:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.



Next:

Please delete the OTL.exe file you got, as it's outdated.
Then download OTL to your Desktop
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)
    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    [2009/11/20 09:14:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2009/11/21 00:07:43 | 000,000,681 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\searchplugins\ask.xml
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
    O33 - MountPoints2\{d1d421ba-317d-11e0-b9ca-0015aff82bc3}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
    O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d38f6212-6b4a-11dd-9adb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}\*.* /s
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Under the Extra Registry at the bottom, select Use SafeList
  • Click the Run Scan button. Post the two logs OTL.txt and Extras.txt it produces in your next reply.




Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**




Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0
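As an added example (not OTL's own code, and not anything posted in this thread), a small Python triage script that parses the O33, O20 and O35 line formats seen in the log above: it lists every MountPoints2 AutoRun command (the entries the fix script removes), flags AppInit DLLs that report no company name, and flags .exe/.com open associations that differ from the default. The sample lines are constructed in the shape of the posted log, and the final "comfile" entry is a made-up hijack so that the check has something to flag.

```python
"""Triage helper for OTL report lines (added example; not OTL's own code).

OTL prints one registry or file item per line.  The parsers below cover the
line types a reviewer checks first: O33 MountPoints2 AutoRun commands (what
Windows would run when a volume is double-clicked), O20 AppInit_DLLs (loaded
into every process that uses user32.dll) and O35 open associations for .exe
and .com files (a non-default command there intercepts every program launch).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the OTL report posted in this thread.
# The last line is made up (hypothetical path) to show what a flagged entry
# looks like; nothing in the real log had a non-default association.
SAMPLE_OTL = r"""
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b695cb-6b14-11dd-8a81-0015aff82bc3}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- C:\Users\JD\AppData\Local\hypothetical.exe "%1" %*
"""

# O33 - MountPoints2\<volume>\Shell\AutoRun\command - "" = <command>
_O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# O20[:64bit:] - AppInit_DLLs: (<name>) - <path> (<company>)
_O20_APPINIT = re.compile(
    r'^O20(?::64bit:)? - AppInit_DLLs: \((?P<name>[^)]+)\) - (?P<path>.+) \((?P<company>[^)]*)\)$')
# O35[:64bit:] - HKLM\..<comfile|exefile> [open] -- <command>
_O35_OPEN = re.compile(
    r'^O35(?::64bit:)? - HKLM\\\.\.(?P<cls>comfile|exefile) \[open\] -- (?P<cmd>.+)$')

DEFAULT_OPEN_CMD = '"%1" %*'  # a clean .exe/.com open association


def autorun_commands(text: str) -> List[Tuple[str, str]]:
    """All MountPoints2 AutoRun commands as (volume GUID or drive letter, command).

    Every one of these is a command Explorer would run when that volume is
    opened, which is why the fix script above removes the whole set.
    """
    return [(m["volume"], m["cmd"])
            for m in map(_O33_CMD.match, text.splitlines()) if m]


def appinit_dlls(text: str) -> List[Dict[str, object]]:
    """AppInit_DLLs entries; an empty company name means OTL found no version info."""
    found = []
    for line in text.splitlines():
        m = _O20_APPINIT.match(line)
        if m:
            found.append({"name": m["name"], "path": m["path"],
                          "company": m["company"],
                          "no_company_name": m["company"] == ""})
    return found


def hijacked_open_associations(text: str) -> List[Tuple[str, str]]:
    """O35 exe/com open handlers whose command is anything other than '"%1" %*'."""
    return [(m["cls"], m["cmd"])
            for m in map(_O35_OPEN.match, text.splitlines())
            if m and m["cmd"] != DEFAULT_OPEN_CMD]


def triage(text: str) -> Dict[str, list]:
    """Run all three checks over an OTL log and return the findings by category."""
    return {"autorun_commands": autorun_commands(text),
            "appinit_dlls": appinit_dlls(text),
            "hijacked_open_associations": hijacked_open_associations(text)}


if __name__ == "__main__":
    for category, items in triage(SAMPLE_OTL).items():
        print(category)
        for item in items:
            print("   ", item)
```

To use it on a real report, read OTL.txt into a string and pass it to `triage`; every finding is a line to look up, not by itself proof of infection.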

#9
OldDetroit

OldDetroit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The rest I understand, but is it necessary to get rid of Norton? It's taking me some time to find and eliminate the ask tool bar, as well.

Thanks for your patience.
  • 0

#10
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
You have two "main" antivirus programs, AVG and Norton. Norton is a paid antivirus and in my opinion it's not a good one. Actually, I'd advise you at the end to uninstall both and install one of these free antivirus programs:


However, it's your choice which one you'd like to have on your computer. Just keep only one, because having more than one isn't good :)
  • 0

#11
OldDetroit

OldDetroit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I've got some work to do today, so here is what I've done so far:

Uninstalls as recommended, though Norton and AVG are still on here, and Ask is disabled but still on here (as I haven't figured out how to uninstall it).

I ran the flash drive disinfector, and then followed your OTL instructions (including downloading the new version):

I will run combo and GMER when I have time later on.

Thanks again for your help

Otl txt
OTL logfile created on: 6/28/2011 11:43:19 AM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\JD\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.35% Memory free
8.17 Gb Paging File | 6.07 Gb Available in Paging File | 74.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 29.72 Gb Free Space | 9.97% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/28 11:23:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL(2).exe
PRC - [2011/06/21 18:11:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/11/12 14:09:42 | 000,944,752 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2009/10/30 08:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/27 07:36:30 | 001,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/10/12 10:02:58 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/16 05:52:29 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/05/29 22:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 22:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/02/01 14:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/02/09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003/12/12 21:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 11:23:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL(2).exe
MOD - [2011/04/28 21:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/02/18 14:26:18 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/02/18 14:26:18 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 12:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/18 14:36:03 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/30 14:07:20 | 003,580,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/06/17 20:58:14 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/06/02 22:41:55 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/12 14:09:44 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/01 20:58:59 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/11/01 20:58:49 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/08/29 22:17:38 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/29 22:17:37 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/07/27 15:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/19 13:49:01 | 000,174,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/31 00:00:09 | 000,744,568 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/31 00:00:09 | 000,040,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 21:39:49 | 000,432,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 23:31:23 | 000,912,504 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 03:47:10 | 000,450,680 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 22:45:33 | 000,171,128 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/21 01:59:12 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/11/09 13:03:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/01/27 19:32:21 | 000,090,632 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/06 14:53:26 | 000,018,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/08/29 22:17:36 | 000,114,696 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2008/08/15 23:15:41 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008/08/15 23:15:40 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008/08/15 12:07:53 | 000,032,392 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2008/07/11 14:16:50 | 000,015,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/06/08 20:23:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 18:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/20 23:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 23:46:55 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/18 17:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)
DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)
DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)
DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011/06/19 13:48:26 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110627.038\EX64.SYS -- (NAVEX15)
DRV - [2011/06/19 13:48:26 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/19 13:48:26 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 13:48:26 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110627.038\ENG64.SYS -- (NAVENG)
DRV - [2011/06/16 01:56:18 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/06/02 22:08:18 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110625.050\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 4F 5A 62 9E 35 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/22 16:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/19 13:48:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/21 18:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/24 21:39:38 | 000,000,000 | ---D | M]

[2008/08/15 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2011/06/28 11:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions
[2010/12/20 15:39:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\ugc5sto1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 21:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/18 21:38:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/24 21:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/19 13:48:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011/06/22 16:19:50 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\JD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UGC5STO1.DEFAULT\EXTENSIONS\[email protected]
[2011/06/21 18:11:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/24 21:39:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/28 11:36:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/18 14:13:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/06/28 11:29:30 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 11:36:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 11:29:30 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/06/28 11:23:25 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL(2).exe
[2011/06/25 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Green.Lantern.2011.TS.FIXED.XVID.AC3.HQ.Hive-CM8
[2011/06/25 20:40:48 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Super 8 2011 TS XViD v2 - IMAGiNE
[2011/06/24 21:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/24 21:39:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/24 21:39:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/24 21:39:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/24 21:39:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/23 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\TDSSKiller
[2011/06/22 21:10:10 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Users\JD\Desktop\NPE.exe
[2011/06/22 18:14:20 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\NPE
[2011/06/21 07:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 07:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/19 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/19 13:48:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/06/19 12:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/06/19 12:57:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/06/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/06/19 12:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/19 12:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/06/19 12:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/17 22:57:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 22:57:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/17 22:57:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 22:57:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/17 22:57:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 22:57:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 22:57:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/17 22:57:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/17 22:57:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/17 22:57:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 22:57:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/17 22:57:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/17 22:57:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 22:57:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Limitless.2011.720p.RC.BDRip.XviD.LiNE.AC3-FLAWL3SS
[2011/06/17 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Kung.Fu.Panda.2.2011.TS.V2.XViD-EP1C
[2011/06/11 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\The Lincoln Lawyer 2011 720p BRRiP LiNE XViD - IMAGiNE
[2011/06/09 23:36:16 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2011/06/07 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

========== Files - Modified Within 30 Days ==========

[2011/06/28 11:46:06 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/28 11:46:06 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/28 11:46:06 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/28 11:40:22 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/28 11:39:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 11:39:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/28 11:39:50 | 000,152,098 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/28 11:39:35 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 11:39:35 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 11:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 11:38:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/28 11:28:27 | 000,132,597 | ---- | M] () -- C:\Users\JD\Desktop\Flash_Disinfector.exe
[2011/06/28 11:23:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL(2).exe
[2011/06/28 10:58:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 10:19:31 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E7F5AB7-8589-46E9-9A51-74559BBDE979}.job
[2011/06/28 10:19:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 10:19:29 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/25 20:47:18 | 000,009,216 | ---- | M] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 21:39:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/24 21:39:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/24 21:39:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/24 21:39:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/22 18:12:08 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Users\JD\Desktop\NPE.exe
[2011/06/21 07:23:40 | 000,001,186 | ---- | M] () -- C:\Users\JD\Desktop\hitmanprolog.xml
[2011/06/21 07:09:37 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/19 14:54:40 | 000,002,856 | ---- | M] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:56:54 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/19 13:56:08 | 002,734,792 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:49:01 | 000,174,200 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 13:49:01 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 13:49:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/18 15:19:56 | 002,193,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/17 18:59:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/07 19:40:19 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys

========== Files Created - No Company Name ==========

[2011/06/28 11:28:55 | 000,132,597 | ---- | C] () -- C:\Users\JD\Desktop\Flash_Disinfector.exe
[2011/06/21 07:23:40 | 000,001,186 | ---- | C] () -- C:\Users\JD\Desktop\hitmanprolog.xml
[2011/06/21 07:09:37 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/19 14:54:32 | 000,002,856 | ---- | C] () -- C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}
[2011/06/19 13:55:27 | 002,734,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/19 13:48:54 | 000,912,504 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/19 13:48:54 | 000,744,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/19 13:48:54 | 000,450,680 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/19 13:48:54 | 000,432,760 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/06/19 13:48:54 | 000,382,584 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/19 13:48:54 | 000,171,128 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/19 13:48:54 | 000,040,568 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/19 13:48:54 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/06/19 13:48:54 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/19 13:48:54 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/19 13:48:54 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/19 13:48:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/19 13:48:54 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/19 13:48:54 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/19 13:48:54 | 000,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv.inf
[2011/06/19 13:48:54 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/19 13:48:54 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/19 13:48:54 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/19 13:48:54 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/19 13:48:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/19 13:48:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/06/19 12:58:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/06/19 12:58:17 | 000,174,200 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/19 12:58:17 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/19 12:58:17 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/19 12:58:10 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/06/17 22:58:10 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/06/17 22:58:08 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/06/17 22:58:03 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/06/17 22:58:03 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 22:58:02 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/06/17 22:58:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/06/17 22:57:59 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/06/17 22:57:57 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/06/17 22:57:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/06/17 22:57:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 22:57:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/06/17 22:57:56 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 22:57:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 22:57:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/06/17 22:57:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 22:57:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/06/17 22:57:55 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 22:57:55 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/06/17 22:57:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 22:57:54 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 22:57:54 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 22:57:53 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 22:57:52 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 22:57:51 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/06/17 22:57:42 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/06/17 22:57:24 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/06/17 22:57:23 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/06/17 22:57:03 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/06/17 22:56:42 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/06/17 22:56:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/06/17 22:56:28 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/06/17 22:56:28 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/06/17 22:56:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/06/17 22:56:18 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/06/17 17:47:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/17 17:47:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/07 19:40:19 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/06/17 17:02:03 | 000,012,306 | ---- | C] () -- C:\Windows\scunin.dat
[2009/07/25 11:02:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/07/16 10:45:52 | 000,163,169 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/07/16 10:45:52 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2009/03/02 22:04:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/24 14:30:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/02/24 14:29:13 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/02/24 14:21:54 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/02/21 21:09:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/25 16:28:17 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008/11/01 20:58:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/11/01 20:58:49 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008/11/01 20:58:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/08/16 01:25:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/15 23:11:38 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2008/08/15 23:01:59 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/15 23:01:52 | 000,152,098 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/15 21:36:36 | 000,000,732 | ---- | C] () -- C:\Users\JD\AppData\Local\d3d9caps64.dat
[2008/08/15 18:40:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2008/08/15 18:40:04 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/15 14:39:19 | 000,009,216 | ---- | C] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/15 11:50:19 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/15 11:50:19 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 23:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/04/03 11:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1998/05/06 16:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== Custom Scans ==========


< C:\{5E030D1E-446B-4507-87F0-6B5B9F5597A2}\*.* /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 03:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 03:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 00:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 04:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 23:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 03:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008/10/29 03:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 02:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 23:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 23:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 23:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 23:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 23:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 23:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 23:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 23:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 23:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 23:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 23:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 04:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 23:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 23:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 03:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 23:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 23:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/21 18:11:25 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/21 18:11:25 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/21 18:11:25 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/21 18:11:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/21 18:11:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/21 18:11:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 20:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 20:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 20:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/13 20:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/28 01:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/28 01:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/28 01:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/28 03:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/28 03:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/28 01:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/28 01:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/28 01:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/28 03:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/28 03:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras txt:

OTL Extras logfile created on: 6/28/2011 11:43:19 AM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\JD\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.35% Memory free
8.17 Gb Paging File | 6.07 Gb Available in Paging File | 74.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 29.72 Gb Free Space | 9.97% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AE0131-8320-4441-9AA0-F937F53DD624}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0512BB4B-50B8-4049-B323-74EFAE54E438}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{057CAB29-5AB7-4F88-8590-9636E31FD8E7}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{0CA6464E-F191-4A2C-9562-B844680E318A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1206A793-5FDF-4F84-ACD4-C627EA66A844}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17E70566-E283-455E-A3AC-0F53CD624EE8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1A0CE90B-8813-4950-9168-DD74B9F86205}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1BC56D85-BE43-4798-AFC1-6CD42D755C03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20FAC269-99AD-41AC-88FA-6334A68E77CC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{217846D5-2704-4AE9-AC51-F50D1D69590C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4C304F31-0998-41E8-AAA2-5256FF006C03}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4FE2D53B-F4F3-440D-93DA-D96707F697BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61EDE0F8-3FA0-4C83-A7F8-FCA9EC612DE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A67CE5B-2B83-4D5A-BD2D-9256C1D1383E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C898966-BE40-4081-8B8F-6C1DAE71F664}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7E616532-CCAC-4188-A31B-05B524A88AC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8399B10A-3EE1-4308-B4DD-C3E9D5BCEBB0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8DCF5146-888B-4F9D-B9C7-D2881A9CF95B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93CD0BAD-84C8-4ED5-B40E-242619D00067}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9705F371-2CEB-45A4-A34A-369AAF4EA6B5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9DD21600-0B51-4554-8828-7DEE3117641A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD57261F-256F-4236-932E-E1B45841B668}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C054EFF9-A52E-4560-871D-5275B4BD4816}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D138C9BF-F9CE-4810-AFC3-A35F09C8B733}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D177A715-93A7-403B-B8FB-FF51E59D845F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D2AC9F99-F51E-4188-8BC5-DDD4E8AFA9BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2DC6FD7-42C2-44C7-8C36-28EA5DFC4F0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2FF6FE3-A4ED-4F65-A566-826B5C60CE88}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6001EA4-3C44-4B51-8BC2-0A3E63417EEE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D8DE9EBC-BF0B-4012-9FE8-367C2E54DF54}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DA22878C-D6F7-4AB0-8C3A-DEEB0CB590D3}" = lport=49529 | protocol=6 | dir=in | name=akamai netsession interface |
"{DF498F18-D66C-47EE-B25E-C08B192D6C74}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF652C89-F32E-4600-875D-944B09E684B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED97EF0E-5145-4123-82E8-EFCB4EFE737A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F535D734-D766-4F25-8E67-F4FE10B9D789}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BCCF87-5C4B-450E-9617-5C81C2C85B04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B2B9ADE-168E-42D0-9297-FA3C34D927BE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0C5FFF5E-6F1D-424F-B317-3D2CEA11C3B6}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{0ECE40E0-B11A-4BFD-88EB-E541C4D1BF80}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0F2E0C31-3956-4FD8-9EAF-6BE5F9B93C0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{114951E5-BA7A-44B2-ADA2-654D99CBFC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{12C7733D-1A49-4AF2-90EA-8BC995B58896}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{133FA9AF-6C2B-4122-B229-211DD966DD1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13FF4CC4-3A3B-45BF-9BC6-A8522DBA4313}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{1E414E05-1AC6-45B5-8C1F-808766C05778}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{241CC619-9EB2-495D-A798-9FABE38FFC6D}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{26AD0CEA-27A9-4D81-AE34-FE6ADA822E14}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2843662E-FD9D-4F64-A117-CD6D5AB6FB0C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{2870AD94-7C68-4610-9056-92E2A102B4D9}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{2883C91D-12D2-4749-99FD-49F434E88286}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CABC8C2-7FCD-45BC-8E10-E2C34ABB5937}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{2CB0E864-50CB-4581-87D0-A04932F6F6AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{323387D4-1F00-42F0-B4E8-88660C20A98E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{35833BB7-975C-4E8A-A32A-87F935A4F8CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36AEBEE4-6AFE-4AD4-8C59-814C55426BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{3EC4B50A-137A-4366-8B3E-F2C4902E733E}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{477063A6-3961-4ED7-9374-2BB4B5841CBD}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{47A13876-D907-43E5-A082-287BEBEA03D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ADF19F8-1B54-4B48-AE3C-620380775364}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{4CDE7020-AA4A-43B9-AA34-71DD9842E06A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{60D98041-A735-4FF2-806D-AA1812DD165A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{62955ACD-AB52-4C02-B58A-2B29C9DB6ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{655304C9-D421-4055-AE30-9AABAB2223B1}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{6C0211C9-B55B-4AFE-96D4-CD017B9642D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71B17A24-8075-424A-8F9D-7553859E264D}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{72D855FB-9450-4CC4-B27B-92EF4BA5FD99}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{79FCB88E-9237-4270-8300-046171E55242}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7B4EC06D-B3AA-4A58-8A5A-BEF7E7DB5E45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{831C63DB-EFFC-4C28-B7D9-B5275354190E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{834D2D75-23CE-4A5D-9254-BAA542870311}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{84558EE7-0195-4D28-8370-8487E410DE38}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{88F07B79-8C19-4158-BD1B-409A1ECC7CAA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{8A4C1E76-F7F0-47D0-A9F8-B9781A9DF94F}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{8D7005E3-175A-48D9-B2B6-235995F3BD43}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E477B99-FFB0-4F89-9300-D2CAFAD682C3}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{9062402A-F30F-4A89-8C4F-8AFCCDBDE8FD}" = protocol=6 | dir=out | app=system |
"{9339B74C-486A-44D7-B898-DA54B43E5CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9BEF0F81-24A0-41B8-A9C8-C7BD5C4E5A90}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9E7A9F13-39B9-4107-9530-04FD0954758A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A3003171-2EF5-4230-9C05-37C6134B8842}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5AD711B-59CF-4774-A1B8-777A57F3053F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB5EF114-FA77-4DC2-ADA4-DC083B15E84E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B747534B-5C30-4AFB-989E-61E8B38CCEA3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B8EE7F25-2751-4DFE-999B-EDF25EB3E6DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{BC35A4E5-65BC-48E9-933B-FBDB07802E14}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{BD6DAF1E-0D0A-46D1-8FBA-C31CDFA69D64}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C1303C92-5739-4C20-89C3-DA3CAA9E7CE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCF1A4AA-25B3-4214-B2EC-B7D280EFC38A}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{D1F7B72B-DC17-4886-999E-929F38198A4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD39FE62-2D40-4B33-AF54-0E676756117A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFBB320F-07A6-449C-8F1A-20590E468024}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2A643DC-2012-46AF-883B-CD72AA1BC116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3753533-1AF8-47B8-BDD2-1595A6494A04}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE792BFE-78C4-4765-9D29-0C3392F9C923}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE833222-1B87-491C-9CD8-9A99F1E65585}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFDD2892-005F-4D81-9796-8E35B3795E85}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F24C9CFA-D5CA-42E6-8C53-E72916A30742}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F5437C20-CF5D-469C-B66E-4DDF02323372}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{F6FF434F-C55A-4F8D-8656-A38755D794F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDB198CD-07EA-4BA1-9A0F-161B9E2C1B37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0B507717-F82C-4223-A167-8B726D63CE43}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{4667F0FD-A947-43A3-812B-0212B33D3FEE}C:\users\jd\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\jd\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{5FA394BF-4007-489A-A2C4-EE6EE58B92A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{6195122B-9306-4801-8299-09B79AE386DA}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{7D8CD598-2138-4065-A569-DA2B560B3AFE}C:\users\jd\downloads\wotlk-intro_en_us-downloader.exe" = protocol=6 | dir=in | app=c:\users\jd\downloads\wotlk-intro_en_us-downloader.exe |
"TCP Query User{CD2BD860-5CD0-4BBA-8099-A89B87735C1D}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{E4418942-BB1A-4001-8FA1-5555C770D76F}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{6FE53B89-9720-454E-8E6C-0CD29C93DC39}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{903B2C09-2D8C-44BF-88B5-D1B1D3098466}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{C27A3C99-69F2-41BB-A5ED-6F61FDE8F9D6}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{C99F8FF1-D0D0-4BEA-8BE1-3398720F598B}C:\users\jd\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\jd\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E2482869-E9A8-4848-B3E8-20BBECB9B985}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{E4D85E20-F9D1-4A6A-90F9-53371515F239}C:\users\jd\downloads\wotlk-intro_en_us-downloader.exe" = protocol=17 | dir=in | app=c:\users\jd\downloads\wotlk-intro_en_us-downloader.exe |
"UDP Query User{F17C8508-2B4B-4B83-8C8D-4AF862B05D45}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)
"{47374ACF-9023-40e7-9830-ECED0DCBC3DC}" = Autodesk Maya 2011 English Documentation 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2011.0.0
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66899F2-C58D-4CEC-9FA8-867883FFB707}" = CoffeeCup Free FTP
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Akamai" = Akamai NetSession Interface
"Ask Toolbar_is1" = Vuze Toolbar
"AVG8Uninstall" = AVG Free 8.0
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD®" = Crysis WARHEAD®
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EphPod" = EphPod
"Google Chrome" = Google Chrome
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mIRC" = mIRC
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"N360" = Norton 360
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Vue 7 xStream PLE 64bit" = Vue 7 xStream PLE 64bit
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2010 9:02:00 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/22/2010 9:02:00 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2762653

Error - 12/22/2010 9:02:00 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2762653

Error - 12/22/2010 9:02:01 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/22/2010 9:02:01 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2763651

Error - 12/22/2010 9:02:01 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2763651

Error - 12/22/2010 9:02:02 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/22/2010 9:02:02 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2764650

Error - 12/22/2010 9:02:02 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2764650

Error - 12/22/2010 9:02:03 PM | Computer Name = JD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ ASUS Security Protect Manager Events ]
Error - 6/28/2009 7:08:07 AM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/29/2009 2:35:05 PM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/4/2009 8:11:38 PM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/14/2009 12:02:52 PM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/15/2009 2:03:41 PM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/27/2009 7:35:13 AM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8/2/2009 7:10:22 AM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8/13/2009 7:41:45 PM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8/22/2009 6:43:03 AM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/5/2009 6:05:46 AM | Computer Name = JD-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: JD@JD-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ Media Center Events ]
Error - 10/25/2008 8:30:36 AM | Computer Name = JD-PC | Source = Mcx2Dvcs | ID = 401
Description =

[ System Events ]
Error - 6/24/2011 8:30:29 PM | Computer Name = JD-PC | Source = HTTP | ID = 15016
Description =

Error - 6/24/2011 8:30:49 PM | Computer Name = JD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/25/2011 7:30:36 PM | Computer Name = JD-PC | Source = HTTP | ID = 15016
Description =

Error - 6/28/2011 9:14:49 AM | Computer Name = JD-PC | Source = HTTP | ID = 15016
Description =

Error - 6/28/2011 10:30:45 AM | Computer Name = JD-PC | Source = DCOM | ID = 10010
Description =

Error - 6/28/2011 10:32:36 AM | Computer Name = JD-PC | Source = HTTP | ID = 15016
Description =

Error - 6/28/2011 10:36:35 AM | Computer Name = JD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/28/2011 10:36:38 AM | Computer Name = JD-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/28/2011 10:36:38 AM | Computer Name = JD-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/28/2011 10:39:35 AM | Computer Name = JD-PC | Source = HTTP | ID = 15016
Description =


< End of report >
  • 0

#12
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello,
Just to remind you that you have to run two additional scans, GMER and ComboFix :)
  • 0

#13
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
