Party Poker Popup and missing files

Nate1492
2010-04-26, 19:51
Ok, so I ran a HJT because I was experiencing some popups from Party Poker and I can't find out why. I also noted lots of (file missing) in my HJT log. Advice/help please.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:48:01 PM, on 4/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Users\Nate\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files (x86)\Easy Message\em2.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FF39DDF-B0B3-41C3-A1B0-E327094E14CE}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7570 bytes

Mostly can't get rid of the Party Poker pop-up, but other things feel slower than before!


DDS (Ver_10-03-17.01) - NTFSX64
Run by Nate at 23:32:41.25 on Tue 04/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Platform: Windows Vista SP2 (WinNT 6.00.1906) [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nate\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [EasyMessage] "c:\program files (x86)\easy message\em2.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\nate\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {3FF39DDF-B0B3-41C3-A1B0-E327094E14CE} = 8.8.8.8,8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [RivaTunerStartupDaemon] "c:\program files (x86)\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun-x64: [RivaTuner] "c:\program files (x86)\rivatuner v2.24\RivaTunerWrapper.exe" /T
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
AppInit_DLLs-X64: avgrssta.dll
STS-X64: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - No File
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

================= FIREFOX ===================

FF - ProfilePath - c:\users\nate\appdata\roaming\mozilla\firefox\profiles\n3ync0n7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\veetle\player\npvlc.dll
FF - plugin: c:\program files (x86)\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files (x86)\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-4 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-4 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-4 317520]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe [2010-1-9 285744]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-22 240232]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimdx.sys [2009-6-30 75776]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24\RivaTuner64.sys [2009-2-25 19952]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
S2 clr_optimization_v4.0.21006_64;Microsoft .NET Framework NGEN v4.0.21006_X64;c:\windows\microsoft.net\framework64\v4.0.21006\mscorsvw.exe [2009-10-7 138560]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\belkin\f5d7000v8\jswpsapi.exe [2007-10-29 352338]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 1007448]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 427880]

=============== Created Last 30 ================

2010-04-26 21:05:19 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-26 21:05:19 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-04-26 21:05:18 620032 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-26 21:05:18 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-04-26 21:05:18 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-04-26 20:58:35 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-26 20:58:35 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-26 20:58:35 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-26 20:58:34 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-04-26 20:58:31 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-26 20:58:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-26 18:00:41 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-26 18:00:41 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-04-22 23:20:23 0 d-----w- c:\program files (x86)\common files\Akamai
2010-04-19 12:56:04 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-16 03:19:00 0 d-----w- c:\users\nate\appdata\roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-04-12 15:27:46 0 d-----w- c:\users\nate\appdata\roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-04-12 15:27:46 0 d-----w- c:\users\nate\appdata\roaming\app
2010-04-12 15:27:42 0 d-----w- c:\users\nate\appdata\roaming\Dofus 2
2010-04-12 15:27:42 0 d-----w- c:\users\nate\appdata\roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-04-11 00:49:20 0 d-----w- c:\program files (x86)\Easy Message
2010-04-09 13:10:55 0 d-----w- c:\program files (x86)\Dofus 2
2010-04-09 13:10:54 0 d-----w- c:\programdata\Adobe
2010-04-04 11:31:11 0 d-----w- c:\programdata\Sun
2010-04-04 11:30:56 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-04 11:30:56 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-04 11:30:56 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2010-04-27 18:43:03 34800 ----a-w- c:\programdata\nvModes.dat
2010-04-27 01:05:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-27 01:05:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-21 10:15:38 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-03-23 19:07:51 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-16 16:19:04 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-03-13 05:55:34 1660448 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-03-13 05:55:34 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-03-13 05:55:28 69664 ----a-w- c:\windows\system32\RCoInst64.dll
2010-03-13 05:55:28 477216 ----a-w- c:\windows\system32\RtkApi64.dll
2010-03-13 05:55:28 1210912 ----a-w- c:\windows\system32\RTCOM64.dll
2010-03-13 05:55:26 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-03-13 05:55:26 1929760 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-03-13 05:47:08 2291616 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-03-12 11:22:00 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-03-12 11:22:00 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-03-12 11:21:39 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-03-04 18:00:08 602624 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 17:33:45 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-03-02 20:08:22 324000 ----a-w- c:\windows\system32\FMAPO64.dll
2010-02-26 11:20:12 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-18 14:28:01 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-28 12:23:38 325904 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-04-11 16:30:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:33:26.51 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Windows Vista SP2
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2009 9:44:50 AM
System Uptime: 4/27/2010 7:42:27 PM (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 138 GiB total, 39.886 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&9B46FCD&0&00E2
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&9B46FCD&0&00E2
Service: RTL8169

==== System Restore Points ===================

RP250: 4/21/2010 11:14:35 AM - Avg Update
RP251: 4/21/2010 11:15:39 AM - Avg Update
RP252: 4/23/2010 3:23:12 PM - Scheduled Checkpoint
RP253: 4/24/2010 3:42:37 PM - Scheduled Checkpoint
RP254: 4/26/2010 1:56:33 PM - Scheduled Checkpoint
RP255: 4/26/2010 10:03:29 PM - Windows Update

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.57
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
AIM Lite 0.33
Apple Software Update
AVG Free 9.0
AVI/MPEG/RM/WMV Joiner 4.82
BadCopy Pro
Belkin Wireless G PCI Adapter
Combined Community Codec Pack 2008-09-21 16:18
Crystal Reports for Visual Studio
Data Lifeguard Diagnostic for Windows
DiskOnKey
Dofus 1.28.0
Dotfuscator Software Services - Community Edition
Driver Sweeper 1.5.5
Easy Message
EPU-6 Engine
Express Gate
foobar2000 v0.9.6.8
Foxit Reader
Game Booster
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.37
Java Auto Updater
Java(TM) 6 Update 20
JMicron JMB36X Driver
K-Lite Mega Codec Pack 4.1.4
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Help 3.0 Beta 2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SharePoint Development Tools
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 Beta English
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft Sync Framework SDK v1.0 SP1 Beta
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
Microsoft Visual F# Runtime 1.0
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
Microsoft Visual Studio 2010 Professional Beta 2 - ENU
Microsoft Visual Studio Macro Tools
mIRC
Mount&Blade
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.24)
Mumble and Murmur
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PowerISO
PyME
Quick Batch File Compiler 2.0.7.1
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RivaTuner v2.24
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SopCast 3.2.4
SpeedFan (remove only)
Spybot - Search & Destroy
SQL Server 2008 R2 Management Objects
SQL Server System CLR Types
Steam
SteelSeries Ikari Laser
StreamTorrent 1.0
TeamSpeak 2 RC2
TurboV
TVAnts 1.0
TVUPlayer 2.5.2.2
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Veetle TV 0.9.16
VideoLAN VLC media player 0.8.6i
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
VisualSVN 1.7.7
Warcraft III
Warcraft III: All Products
Warkeys 1.14.1.0b
Windows Media Player Firefox Plugin
WinRAR archiver
Zombie Panic! Source

==== Event Viewer Messages From Past Week ========

4/27/2010 7:44:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu
4/26/2010 10:10:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/26/2010 10:10:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/26/2010 10:04:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/23/2010 12:20:38 AM, Error: Service Control Manager [7030] - The Akamai NetSession Interface service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================

Dakeyras
2010-04-28, 02:06
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate log in the Malware Removal forum and wait for help.
Hi Nate1492 and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on them and select Run as Administrator.

The Operating System (Vista, aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this for anything I ask you to carry out, please select the option Allow.

64bit Operating System Advice:

Your logs show signs that this is a 64 bit machine. Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.

HijackThis was not made to run on a 64 bit system like yours and its scan results cannot be relied upon. I'm going to need you to run a different scan for me.

Next:

Please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

µTorrent <-- This will have to be uninstalled per forum policy (http://forums.spybot.info/showthread.php?t=282).
Hotspot Shield 1.37 <-- This has undesirable characteristics and my advice is to remove it.

To do so click once on each of the above and click on Uninstall/Change and follow the prompts.

Next:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

How is your computer performing now? Any further symptoms and/or problems encountered?
Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

Nate1492
2010-04-28, 05:43
Alright, I'm removing uTorrent because you asked me to remove it during the cleanup process, as per the forum policy that states a helper can ask to remove P2P applications during the cleanup process.

I do use Hotspot Shield for legitimate reasons; I only use it when needed, and it defaults to not enabled, unless there is something I'm missing? Please tell me if it is operating actively. Or rather, if you know a better program, I require the services it provides on a part-time basis.

Nate1492
2010-04-28, 05:44
OTL logfile created on: 4/28/2010 4:30:13 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Nate\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s):

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.48 Gb Total Space | 39.85 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERPC
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Nate\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe ()
PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Nate\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (MSSQL$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.21006_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.21006_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
SRV - (jswpsapi) -- C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 14:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\DRIVERS\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RT73) -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JSWSCIMD) -- C:\Windows\SysNative\DRIVERS\jswscimdx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (JSWSCIMD) -- C:\Windows\SysWOW64\drivers\jswscimdx.sys (Atheros Communications, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2009/06/30 09:40:28 | 000,000,000 | ---D | M]
DRV - (JRAID) -- C:\Windows\jraid.log ()
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wvw.google.dk/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wvw.google.dk/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2413271681-766711667-1323029604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/22 13:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 19:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 13:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/03/17 15:13:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/11/23 21:51:19 | 000,000,000 | ---D | M]

[2010/03/05 03:34:34 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
[2010/03/05 03:34:34 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/04/27 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\n3ync0n7.default\extensions
[2010/04/27 20:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\n3ync0n7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 04:12:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\n3ync0n7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/04/27 20:30:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/19 13:56:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/04 03:10:15 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/04/26 21:17:25 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EasyMessage] C:\Program Files (x86)\Easy Message\em2.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2413271681-766711667-1323029604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 22:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7929eb93-6551-11de-a8db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7929eb93-6551-11de-a8db-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 22:05:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/04/26 22:05:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/04/26 22:05:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/04/26 22:05:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/04/26 22:02:49 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/26 22:02:48 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/26 22:02:48 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/04/26 22:02:48 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/04/26 22:02:48 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/04/26 22:02:48 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/04/26 22:02:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/04/26 22:02:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/04/26 22:02:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/04/26 22:02:46 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/04/26 22:02:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/04/26 21:56:30 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/04/26 21:56:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/04/26 21:56:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/04/26 21:56:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/04/26 21:56:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/04/26 21:56:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/04/26 21:56:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/04/26 21:56:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/04/26 21:56:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/04/26 21:56:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/04/26 21:56:11 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/26 21:56:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/26 21:56:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/26 21:56:01 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/26 21:56:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/26 21:56:01 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/26 21:56:01 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/26 21:56:01 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/26 21:56:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/26 21:56:01 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/26 21:56:01 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/26 19:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/26 19:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/04/26 18:38:57 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Nate\Desktop\ATF-Cleaner.exe
[2010/04/23 00:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/04/19 13:56:04 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/18 21:21:56 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\Rawr v2.3.14
[2010/04/16 04:19:00 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/12 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/12 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\app
[2010/04/12 16:27:42 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/12 16:27:42 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Dofus 2
[2010/04/11 04:04:17 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\mediaplayer
[2010/04/11 01:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Message
[2010/04/09 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dofus 2
[2010/04/09 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/09 14:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/04 12:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/04 12:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/04 12:30:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/04 12:30:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/04 12:30:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/04 12:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2010/04/28 04:29:26 | 010,747,904 | -HS- | M] () -- C:\Users\Nate\NTUSER.DAT
[2010/04/28 03:42:47 | 000,004,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 03:42:47 | 000,004,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 20:33:47 | 059,302,741 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/27 19:49:07 | 000,847,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/27 19:49:07 | 000,705,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/27 19:49:07 | 000,142,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/27 19:43:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/04/27 19:43:03 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/27 19:43:03 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/27 19:42:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/27 19:42:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/27 08:41:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nate\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/04/27 08:41:25 | 000,065,536 | -HS- | M] () -- C:\Users\Nate\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/04/27 02:19:11 | 004,247,627 | -H-- | M] () -- C:\Users\Nate\AppData\Local\IconCache.db
[2010/04/26 21:17:25 | 000,392,729 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/26 18:38:57 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Nate\Desktop\ATF-Cleaner.exe
[2010/04/22 05:15:41 | 004,965,043 | ---- | M] () -- C:\Users\Nate\Desktop\Morum2.xlsm
[2010/04/21 11:15:38 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/16 18:12:15 | 000,014,665 | ---- | M] () -- C:\Users\Nate\Desktop\RyanAirApr14.rtf
[2010/04/16 18:11:44 | 000,079,302 | ---- | M] () -- C:\Users\Nate\Desktop\EasyJetApr14.jpg
[2010/04/16 18:10:50 | 000,014,658 | ---- | M] () -- C:\Users\Nate\Desktop\RyanAirMar31.rtf
[2010/04/16 18:07:55 | 000,077,837 | ---- | M] () -- C:\Users\Nate\Desktop\EasyJetMar31.jpg
[2010/04/16 04:44:59 | 000,000,008 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\DofusAppId0_2
[2010/04/16 04:34:59 | 000,000,173 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\D2Info0
[2010/04/16 04:34:01 | 000,000,008 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\DofusAppId0_1
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/11 01:49:20 | 000,000,867 | ---- | M] () -- C:\Users\Nate\Desktop\Easy Message.lnk
[2010/04/09 14:10:55 | 000,000,943 | ---- | M] () -- C:\Users\Nate\Desktop\Dofus 2.lnk
[2010/04/04 15:50:55 | 000,009,028 | ---- | M] () -- C:\Users\Nate\Desktop\config.lua
[2010/03/29 15:00:29 | 004,964,615 | ---- | M] () -- C:\Users\Nate\Desktop\MorumBISnonHC.xlsm

========== Files Created - No Company Name ==========

[2010/04/23 00:21:32 | 000,436,716 | ---- | C] () -- C:\Users\Nate\AppData\Local\dd_vcredistMSI248F.txt
[2010/04/23 00:21:32 | 000,011,410 | ---- | C] () -- C:\Users\Nate\AppData\Local\dd_vcredistUI248F.txt
[2010/04/16 18:12:15 | 000,014,665 | ---- | C] () -- C:\Users\Nate\Desktop\RyanAirApr14.rtf
[2010/04/16 18:11:44 | 000,079,302 | ---- | C] () -- C:\Users\Nate\Desktop\EasyJetApr14.jpg
[2010/04/16 18:10:50 | 000,014,658 | ---- | C] () -- C:\Users\Nate\Desktop\RyanAirMar31.rtf
[2010/04/16 18:07:55 | 000,077,837 | ---- | C] () -- C:\Users\Nate\Desktop\EasyJetMar31.jpg
[2010/04/16 04:19:00 | 000,000,008 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\DofusAppId0_1
[2010/04/12 16:27:42 | 000,000,173 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\D2Info0
[2010/04/12 16:27:42 | 000,000,008 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\DofusAppId0_2
[2010/04/11 02:08:24 | 000,009,028 | ---- | C] () -- C:\Users\Nate\Desktop\config.lua
[2010/04/11 01:49:20 | 000,000,867 | ---- | C] () -- C:\Users\Nate\Desktop\Easy Message.lnk
[2010/04/09 14:10:55 | 000,000,943 | ---- | C] () -- C:\Users\Nate\Desktop\Dofus 2.lnk
[2010/03/23 20:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/01/19 08:03:16 | 000,750,190 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/08 00:12:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/06/30 02:30:08 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/06/30 02:30:08 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/06/30 02:30:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/06/30 02:30:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/06/30 02:06:48 | 000,032,936 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/06/30 02:06:18 | 000,032,261 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/06/30 01:49:28 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/06/30 01:49:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/30 01:49:27 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/06/30 01:49:27 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/06/30 01:49:26 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/06/30 01:49:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/06/30 01:49:26 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/04/11 17:24:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/11 17:23:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2008/01/21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
< End of report >

Nate1492
2010-04-28, 05:45
OTL Extras logfile created on: 4/28/2010 4:30:13 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Nate\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s):

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.48 Gb Total Space | 39.85 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERPC
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2413271681-766711667-1323029604-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 00 AF B5 BE C4 BA C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2413271681-766711667-1323029604-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16E7EEF7-CC9F-4388-BB44-31CAB2ED60FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{58EE09BB-4538-495F-AAEB-797F76998BC7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E6865AF8-60CC-4F42-BBAB-C0B341E89B6A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F368ACE3-FA11-4F23-8A46-C9D954874CA8}" = lport=52511 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{120B352B-BD17-461B-A2DB-1ABD344F2503}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1AA26A76-FF05-45F9-8C17-6AB9DEDFDFBD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{2F501115-CF68-46A2-8244-D126C9A33C27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{344A36E1-3A0A-43DF-9F8F-A4ECD7A4702E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{50015021-55B1-4357-812E-4260805E3B02}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{50FCA78A-368F-4D44-94DB-09E70DD4D0F7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{576624B9-3A6A-4F3C-A8BB-9633476DA6E2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{6B8853FF-498D-4857-919A-F40324CA2F4A}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{7021A7D5-DAA1-41B5-AAD7-0F1CEA1FA18E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{72FEB464-C015-4472-951B-708126445706}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7F680025-8D34-4AD3-8DB8-6F654FDBB2DD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{ABFF5CF8-FBE2-43F3-A610-51815DDB8A22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C03A61BA-23E8-443D-B0A5-28BF45DE9130}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C9AF64C5-4BDE-4EB7-ABE2-1CB36835879B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{DB9EAF9F-6B09-4A88-9D61-6312D246C205}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EC95B907-73D9-4C98-8420-120C855DD6AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{0B1E0F99-5D91-4481-8050-3C328222FAB3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{0B533B5F-D9A3-4C61-A5E1-D1116F0CF5D0}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{10AEACB6-9D67-46FB-97D6-975C1D1712F8}C:\users\nate\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\nate\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{19F9EC48-8AF4-46C6-B251-BCB8B5520A4D}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{3B2B4B06-931E-4A56-A373-46FA10E1B946}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4AD994D0-7028-4075-92E3-06755176D47A}C:\program files (x86)\steam\steamapps\nate1492\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nate1492\zombie panic! source\hl2.exe |
"TCP Query User{6BB94AB1-11CB-416E-8EE2-933647F381A8}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{6C9030D4-581A-45B7-AF5E-C5718F21C042}C:\users\nate\desktop\msn\msn lite 7.5.exe" = protocol=6 | dir=in | app=c:\users\nate\desktop\msn\msn lite 7.5.exe |
"TCP Query User{8F9E9F19-9EDF-4B16-8F02-42A1FFC337A8}C:\program files (x86)\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\altitude\altitude.exe |
"TCP Query User{965B311F-EA37-40C9-982B-87BC854D48B4}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{96A462AC-AB04-4165-8296-A0FB79AF9F43}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9C2967A7-003E-45EE-821E-BD6E33D4643B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{AABE5A4B-2432-4D17-9E75-EC9548BC31FA}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{BC7EFC65-0751-441A-AE11-37395BF3A281}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{F71552D3-C5B6-4B30-8CA9-52C81D6C143B}C:\users\nate\desktop\msn2\msn lite 7.5.exe" = protocol=6 | dir=in | app=c:\users\nate\desktop\msn2\msn lite 7.5.exe |
"TCP Query User{FAA8F8A9-2D55-422D-871B-3486C3821480}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{046246E2-0FE3-4F03-8C2D-4CEEFE085FD0}C:\program files (x86)\steam\steamapps\nate1492\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nate1492\zombie panic! source\hl2.exe |
"UDP Query User{09F78620-2370-4506-AF69-99B81BC955F5}C:\program files (x86)\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\altitude\altitude.exe |
"UDP Query User{1E1EAA42-A863-4C34-9C26-F4B09B6CF4E0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{23E26B3C-9538-4D29-AB35-13205604FBB8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{32C01075-2BE4-4036-8B13-B5ECCFE3EC5C}C:\users\nate\desktop\msn\msn lite 7.5.exe" = protocol=17 | dir=in | app=c:\users\nate\desktop\msn\msn lite 7.5.exe |
"UDP Query User{33B0A0A4-5EAB-40ED-90DF-3998302C5CCC}C:\users\nate\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\nate\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{6047FB8B-796B-485D-9869-4B24AFBD9D1B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{7A8F4D92-76B1-462E-A031-5907BD69C621}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{836CD8E7-F4DA-49FB-A8B4-7BC31BC31DDB}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{8EA623D4-4454-4316-8F63-DC06CBDED187}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{92ACADA0-A6E2-4931-BD21-5E3BCC19BAA6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{932B7974-8F40-4731-81A7-9A4CC974D829}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{96EA657A-7FFA-425A-999D-A8062101E96F}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{C7F3BE72-8AA9-4385-8C73-8D9EBD34AAF8}C:\users\nate\desktop\msn2\msn lite 7.5.exe" = protocol=17 | dir=in | app=c:\users\nate\desktop\msn2\msn lite 7.5.exe |
"UDP Query User{D0968EC6-40BF-4679-8151-C9A37DE7C9BD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{D29F1008-50D5-4706-8974-DEBB95D54264}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F2D7186-EF54-37FA-AA61-ED6F88E771CE}" = Microsoft .NET Framework 4 Extended Beta 2
"{2A5DCE96-B8CE-4E95-86C6-88E4CFE73086}" = Microsoft Sync Services for ADO.NET v2.0 SP1 Beta (x64)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{342B4CC9-79F6-3D93-9247-0CD70BD0754C}" = Microsoft Office Development Tools for Visual Studio 2010 (x64)
"{3AAA978C-D950-43B3-97D3-FE579DFF8F2D}" = Microsoft Sync Framework Services v1.0 SP1 Beta (x64)
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{58ED9D53-9A08-4ECD-9D0D-AD46D0ADD150}" = Microsoft Sync Framework Runtime v1.0 SP1 Beta (x64)
"{70C8E693-36D6-3DAD-95AA-685FBB1A3B09}" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x64)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{84BEA72A-E70B-3420-958C-A22BAA44CBF0}" = Microsoft Visual C++ 2010 Beta 2 x64 Runtime - 10.0.21006
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{920ACB68-9AF3-3E66-A8D8-FEE287CEEE6E}" = Visual Studio 2010 Prerequisites - English
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6B2B228-3529-364D-924D-6F8A9B0853E7}" = Microsoft Visual C++ 2010 Beta 2 x64 Designtime - 10.0.21006
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E856E900-52DE-3F06-B493-B39442A717F6}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Visual Studio 2010 Tools for Office Runtime Beta 2 (x64)" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D29CDE-779D-3082-85C9-4086A49A9390}" = Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0940CCDF-5BAB-3101-9077-EDD34A25D711}" = Microsoft SharePoint Development Tools
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{23CA6343-67A1-4CF2-8E69-D83A8B92D1B2}" = VisualSVN 1.7.7
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{2A7153F7-38EC-3398-BDB4-2A237E717EE9}" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3038CC3B-F786-4371-8594-6F0FE87A5230}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{40653574-F426-36BB-A1DC-3AD075E1EB3C}" = Microsoft Help 3.0 Beta 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5EFFD8C8-BE42-3A47-A5A6-1B3985FD1EC0}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84E00510-8474-3214-BEE8-67B9F344E4FC}" = Microsoft Visual F# Runtime 1.0
"{8670F72E-CEEA-485F-AC2D-ACF546EBF05E}" = Microsoft Sync Framework SDK v1.0 SP1 Beta
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B916626-D225-496A-83ED-EDBE9E907432}" = Dotfuscator Software Services - Community Edition
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A64ECAEE-51FE-4AC7-ABE8-EBBCDA7E3EDC}" = SteelSeries Ikari Laser
"{A737E831-9ECF-456F-81EA-EEEB5B9922A7}" = Microsoft ASP.NET MVC 2
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE386AEA-F4BC-4457-BF6B-495992437C82}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48DCEC2-BE3F-49C5-96F3-AB05E65C4EB4}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{B8E89E40-984E-11D3-A0DC-00004CE35A6C}" = DiskOnKey
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{D1B7B5F9-4FB7-48BE-9425-1C6930D67DD1}" = Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
"{D73CBB43-E7F9-48A1-9F68-690F05392537}" = Crystal Reports for Visual Studio
"{D8EA4774-1EB0-45EB-A4F5-E5F2776D328D}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F849775B-F39D-4EDD-A266-1A3E258F0498}" = Microsoft SQL Server Compact 3.5 SP2 Beta English
"{FC2C89A7-76E2-32F1-A2C2-428B480F570E}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM Lite" = AIM Lite 0.33
"AVG9Uninstall" = AVG Free 9.0
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"BadCopy Pro" = BadCopy Pro
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Dofus 1.28.0" = Dofus 1.28.0
"Easy Message" = Easy Message
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6.8
"Foxit Reader" = Foxit Reader
"Game Booster_is1" = Game Booster
"HotspotShield" = Hotspot Shield 1.37
"InstallShield_{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.4
"Microsoft Help 3.0 Beta 2" = Microsoft Help 3.0 Beta 2
"Microsoft Visual Studio 2010 Professional Beta 2 - ENU" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"mIRC" = mIRC
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"PyME" = PyME
"Quick Batch File Compiler_is1" = Quick Batch File Compiler 2.0.7.1
"RivaTuner" = RivaTuner v2.24
"SopCast" = SopCast 3.2.4
"SpeedFan" = SpeedFan (remove only)
"Steam App 17500" = Zombie Panic! Source
"StreamTorrent 1.0" = StreamTorrent 1.0
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.14.1.0b
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2413271681-766711667-1323029604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2010 5:00:45 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3727, time stamp 0x4b9fb052,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0x134c, application start time
0x01cacdf08d833b0e.

Error - 3/27/2010 6:42:44 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3727, time stamp 0x4b9fb052,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0xa50, application start time
0x01cacdfecdbfe66e.

Error - 3/27/2010 10:35:43 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application TVUPlayer.exe, version 2.4.9.1, time stamp 0x4ad825a3,
faulting module AutoUpgrade.dll, version 2.4.9.1, time stamp 0x4ad82556, exception
code 0xc0000005, fault offset 0x00013cd6, process id 0x6e4, application start time
0x01cace1f5bbae49e.

Error - 3/27/2010 10:35:50 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application TVUPlayer.exe, version 2.4.9.1, time stamp 0x4ad825a3,
faulting module AutoUpgrade.dll, version 2.4.9.1, time stamp 0x4ad82556, exception
code 0xc0000005, fault offset 0x00013cd6, process id 0x1344, application start time
0x01cace1f6111ed8e.

Error - 3/27/2010 10:49:06 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application TVUPlayer.exe, version 2.4.9.1, time stamp 0x4ad825a3,
faulting module AutoUpgrade.dll, version 2.4.9.1, time stamp 0x4ad82556, exception
code 0xc0000005, fault offset 0x00013cd6, process id 0xfc8, application start time
0x01cace213b337dce.

Error - 4/8/2010 2:56:09 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.190.4, time stamp 0x4b960e0a,
faulting module java.dll, version 6.0.190.4, time stamp 0x4b963ed1, exception code
0xc0000005, fault offset 0x00005875, process id 0x1274, application start time 0x01cad74d25d0be8b.

Error - 4/16/2010 8:15:30 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0x108c, application start time
0x01caddaca332e669.

Error - 4/17/2010 8:47:36 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application TVUPlayer.exe, version 2.5.2.2, time stamp 0x4b8764a5,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000374, fault offset 0x000ab0bf, process id 0x1298, application start time
0x01cade90759d8d8f.

Error - 4/22/2010 2:56:13 PM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, time stamp 0x4bc398b3,
faulting module java.dll, version 6.0.200.2, time stamp 0x4bc3c8dc, exception code
0xc0000005, fault offset 0x00005875, process id 0xa10, application start time 0x01cae24d7a15c7aa.

Error - 4/26/2010 10:08:05 AM | Computer Name = SuperPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0xf74, application start time
0x01cae53a2411de11.

[ System Events ]
Error - 2/28/2010 8:52:45 PM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/28/2010 8:52:51 PM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/28/2010 8:54:41 PM | Computer Name = SuperPC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/1/2010 10:30:28 AM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/1/2010 10:30:34 AM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/1/2010 10:32:23 AM | Computer Name = SuperPC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/1/2010 10:35:12 AM | Computer Name = SuperPC | Source = JRAID | ID = 262261
Description = The driver for device \Device\Scsi\JRAID1 detected a port timeout
due to prolonged inactivity. All associated busses were reset in an effort to clear
the condition.

Error - 3/1/2010 9:32:37 PM | Computer Name = SuperPC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/2/2010 8:24:58 AM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/2/2010 8:25:05 AM | Computer Name = SuperPC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

Dakeyras
2010-04-28, 15:30
Hi. :)


Alright, I'm removing the uTorrent because you asked me to remove it during the cleanup process as per the forum policy that states a helper can ask to remove P2P applications during the cleanup process.
Thank you. I do advise you consider not re-installing any other P2P related applications. P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. I strongly advise avoiding these types of software applications.

I have noticed you have StreamTorrent 1.0 installed also, please remove this for the duration of the malware removal process also, thank you.


I do use hotspot shield for legitimate reasons, I only use it when needed and it is defaulted to not enabled, unless there is something I'm missing? Please tell me if it is operating actively. Or rather, if you know a better program, I require the services it provides on a part time basis.
Fair play, and I only advised it be uninstalled because the actual optional tool-bar for the application itself has characteristics that may be a conduit for adware. As for whether it is working correctly, there is nothing on the website saying it is 64bit compatible; however it does appear to be functioning correctly, but bear in mind that as far as I can tell it is not fully 64bit compatible.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please go here (http://www.aumha.org/downloads/erunt-setup.exe) and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
Start ERUNT either by right clicking on the desktop icon and select Run as Administrator or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl

Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log.
Malwarebytes Anti-Malware Log.

Nate1492
2010-04-28, 17:00
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4046

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/28/2010 3:59:22 PM
mbam-log-2010-04-28 (15-59-22).txt

Scan type: Quick scan
Objects scanned: 108199
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nate\downloads\MyFunCardsSetup2.3.64.2.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Nate\downloads\ZwinkySetup2.3.64.2.ZJfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Nate\downloads\ZwinkySetup2.3.64.2.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Nate1492
2010-04-28, 17:02
There were two...

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ deleted successfully.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.3.0 log created on 04282010_154121


All processes killed
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nate
->Temp folder emptied: 32323411 bytes
->Temporary Internet Files folder emptied: 15850219 bytes
->Java cache emptied: 37629766 bytes
->FireFox cache emptied: 92893946 bytes
->Flash cache emptied: 37337877 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26294 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 206.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04282010_154743

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Nate1492
2010-04-28, 17:15
Also, I re-did the host thing and it successfully moved it/replaced, I noticed it failed.

I do want to note that I had a modified hosts file that was blocking a ton of adaware via a recommended hosts file and the automatic blocking provided by spybot. Should I re-incorporate these? I did enjoy the content they blocked.

Dakeyras
2010-04-28, 19:54
Hi. :)


Also, I re-did the host thing and it successfully moved it/replaced, I noticed it failed.
OK no harm done, but please refrain from any self fixes during the malware removal process and if anything untoward occurs merely inform myself straight away, thank you.

I do want to note that I had a modified hosts file that was blocking a ton of adaware via a recommended hosts file and the automatic blocking provided by spybot. Should I re-incorporate these? I did enjoy the content they blocked.
Aye, I was aware of the pseudo Host-File and I wanted it reset as a precaution, as it was entirely feasible it was compromised and this was prudent rather than myself physically having to check 13,000 plus entries. Plus it appears this was a distinct possibility judging by the malware removed by Malwarebytes' Anti-Malware.

By all means you may use the Immunisation feature of Spybot when I give the all clear and re-enable its host file feature. I will also be recommending a heuristic based security application to be downloaded/installed. Which via one of its monitoring features will warn if any modifications are made to the aforementioned host file and you will be given the option to decline such.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following:


How is your computer performing now? Any problems encountered and or any further symptoms?
ESET Log.

Nate1492
2010-04-29, 14:39
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=38aff257ee42ef41813c203c929f3bc3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-29 04:30:31
# local_time=2010-04-29 05:30:31 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 4851999 4851999 0 0
# compatibility_mode=8192 67108863 100 0 18018 18018 0 0
# scanned=183610
# found=2
# cleaned=0
# scan_time=5429
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe Win32/Adware.AnchorFree application 00000000000000000000000000000000 I
C:\Users\Nate\Downloads\HSS-1.34-install-anchorfree-76-conduit.exe a variant of Win32/Adware.AnchorFree application 00000000000000000000000000000000 I

I haven't noticed any party poker pop-ups yet, but the frequency was always fairly random and I would need to surf more to figure that out.

Other than that, it is hard to tell if there is any marked improvements.

Dakeyras
2010-04-29, 16:01
Hi. :)


I haven't noticed any party poker pop-ups yet, but the frequency was always fairly random and I would need to surf more to figure that out.

Other than that, it is hard to tell if there is any marked improvements.
OK and thanks for the update.

It might be an idea to perform some system maintenance, information about this is below.

Next:

The online scan has flagged Hotspot Shield and as I mentioned in a prior post it does(more so the tool-bar) have some adware characteristics. I can only advise you uninstall this.

If you do, there is a similar application you can use called KeyScrambler (http://www.qfxsoftware.com/index.html) (it has a freeware version) that is Vista 64 bit compatible, which you may wish to consider using instead.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

As is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Clean up with OTL:

Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

Right click on Computer and select Properties >> System protection >> Create.
Give this restore point a descriptive name and click Create.
When done, click Apply >> OK.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

Right click on Computer and select Properties >> System protection.
(untick) Vista C system box and click Turn off system restore then Apply >> OK.
Restart your computer.
Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK
Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, AVG Free 9.0, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Click on Start(Vista Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is to avoid these types of software applications.

Hosts File:

Note: Only download/install one of the below if you do not intend to re-immunise with Spybot.

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A replacement Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hosts-file.net/?s=Download)
Only use one of the above.

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

Any questions? Feel free to ask, if not stay safe!
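
The hosts file advice above, and the earlier decision to reset the hosts file rather than check 13,000 plus entries by hand, both come down to one question: does every entry only sink a name to loopback, or does something map a name elsewhere? The script below is an added example, not from this thread or from any tool mentioned in it; the sink-address set, the watchlist of security vendor domains and the sample hosts content are all constructed for the example.

```python
"""Audit a hosts file for entries that a blocklist never needs.

Added example, not from this thread or from any tool it mentions. The
watchlist, sink addresses and sample hosts content below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# Addresses a blocklist-style hosts file (MVPS, hpHosts, Spybot immunisation)
# uses to sink a name; traffic to them never leaves the machine.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names a hosts file legitimately maps to loopback ("::1 localhost" is a
# stock Vista entry, not a sign of tampering).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watchlist: update/download domains of the tools used in this
# cleanup. A hosts entry that sinks one of these starves the user's own
# security software of updates, which no ad blocklist needs to do.
SECURITY_DOMAINS = (
    "malwarebytes.org", "eset.com", "avg.com",
    "safer-networking.org", "windowsupdate.com", "microsoft.com",
)


@dataclass
class HostsAudit:
    local: int = 0                   # localhost-style entries
    blocked: int = 0                 # name -> sink address (normal blocklist)
    sinks_security: list = field(default_factory=list)  # (line, name)
    redirects: list = field(default_factory=list)       # (line, addr, name)
    malformed: list = field(default_factory=list)       # (line, text)

    @property
    def clean(self) -> bool:
        return not (self.sinks_security or self.redirects or self.malformed)


def _under(name: str, domains) -> bool:
    """True if name equals one of domains or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def parse_hosts(text: str):
    """Yield (lineno, address, names) for each non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if line:
            parts = line.split()
            yield lineno, parts[0], parts[1:]


def audit_hosts(text: str) -> HostsAudit:
    result = HostsAudit()
    for lineno, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            result.malformed.append((lineno, addr))
            continue
        if not names:                            # address with no hostname
            result.malformed.append((lineno, addr))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if addr in SINK_ADDRESSES:
                if name in LOCAL_NAMES:
                    result.local += 1
                elif _under(name, SECURITY_DOMAINS):
                    result.sinks_security.append((lineno, name))
                else:
                    result.blocked += 1
            else:
                # A routable address is never needed to block a site; a name
                # pointed at one is the classic hosts-file hijack.
                result.redirects.append((lineno, addr, name))
    return result


# Constructed sample: stock localhost lines, three blocklist entries, and two
# entries of the kind a tampered hosts file would carry, plus one bad line.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# blocklist entries (constructed)
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
127.0.0.1 banner.example.com   # trailing comment
127.0.0.1 www.malwarebytes.org
198.51.100.23 www.example-bank.com
not-an-ip some.example.host
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"local={report.local} blocked={report.blocked} clean={report.clean}")
    for line, name in report.sinks_security:
        print(f"line {line}: sinks security domain {name}")
    for line, addr, name in report.redirects:
        print(f"line {line}: {name} redirected to {addr}")
    for line, text in report.malformed:
        print(f"line {line}: malformed entry {text!r}")
```

On a real Vista machine, read C:\Windows\System32\drivers\etc\hosts into `audit_hosts` instead of the sample; a large MVPS-style file should report only `local` and `blocked` counts.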

Nate1492
2010-05-01, 04:07
So far no party poker popups, so the initial problem is solved I think.

Any other recommendations for tweaking/speeding things up?

Dakeyras
2010-05-01, 11:30
Hi. :)


So far no party poker popups, so the initial problem is solved I think.
Good to know. :bigthumb:


Any other recommendations for tweaking/speeding things up?
Aye, by all means I will provide some advice about this.

The below two applications are 64bit compatible and will be an aid with system maintenance and keep your machine operating well:-


CCleaner Slim (http://majorgeeks.com/CCleaner_Slim_d4191.html) <-- Do not use the Scan for Issues feature however, as this is a pseudo registry optimiser and such have a propensity to remove legitimate entries by mistake and actually will not improve anything.
Defraggler (http://www.piriform.com/defraggler/download) <-- A very useful alternative to the in-built Windows defrag' utility.

I actually use both with my Vista 64bit machine and they are of benefit with regard to system maintenance. One other tip is to run a Check-Disk say at least once per month and this will also be an aid with regard to Hard-Drive health:-

Vista Check-Disk:

Please visit this webpage (http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html) and scroll down to:

METHOD ONE:
Run Check Disk from within Vista

Then follow the instructions through 1 - 10 and then reboot your computer and let the Check-Disk perform its tasks. This may take some time.

Dakeyras
2010-05-02, 23:24
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.