Want to check my system the right way



jim45682
2010-11-14, 00:22
I just had a bluescreen error shutdown, and when my computer restarted it was running very very slow with almost 95% of the physical memory being used. I ran my antivirus (Avast 5.0 free version) and my spyware/malware scanner (Ad-Aware free version 8.3.5), and I also have Advanced System Optimizer 3 that checks spyware and registry problems, so I ran it.

Avast said it found and removed a virus (win32Agent or something like that) and Ad-Aware found and removed 22 threats, but I want to have you look at it to be sure everything is OK if you can. My system is Windows Vista 64-bit.

I attached my DDS and Attach files. Let me know if you need anything else.


Thanks
Jim


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Administrator at 16:57:07.76 on Sat 11/13/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1512 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdmcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41II9U8N\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.msn.com
uSearch Bar =
mStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Tensons.Application.DownloadAcceleratorManager.BHO: {00000003-1118-11da-8cd6-0800200c9888} - mscoree.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: egreetings.com Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: {e0ed0c12-d9b3-0661-a698-93b5198f9bc8} - Search panel
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\Rpcqt.dll,Sets
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe /windowsstart /startifwork
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm186YYUS
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.atomicmods.com/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {E0ED0C12-D9B3-0661-A698-93B5198F9BC8} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
STS-X64: Deskscapes Class: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll
STS-X64: Stardock Vista ControlPanel Extension: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
STS-X64: StardockDreamController: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-23 69152]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-2-13 33792]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-10-14 121936]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [2010-5-9 20480]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-6-2 27648]
R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-9-19 464264]
R2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-9-19 234888]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-11-7 263480]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-10-14 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-10-14 61008]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-9-27 20376]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1375992]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17440]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-27 131688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S2 MyWebSearchService;My Web Search Service; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-9 79360]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 P1764;Sound Blaster Audigy;C:\Windows\System32\drivers\P1764.SYS [2006-3-17 1625088]
S3 p17filtx;p17filtx;C:\Windows\System32\drivers\P17FILTX.SYS [2006-3-20 1539584]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-6-2 19968]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-16 14440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2008-10-15 21200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-26 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-13 21:34:12 388096 ----a-r- C:\Users\ADMINI~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 06:42:31 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2D3E0BCF-2D6C-4B19-B873-B3964C38519A}\mpengine.dll
2010-11-11 20:42:27 77824 ----a-w- C:\Program Files (x86)\Windows Media Player\wmp.dll
2010-11-11 20:42:27 -------- d-----w- C:\Program Files (x86)\WMP Tag Plus
2010-11-11 20:39:16 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2010-11-11 08:07:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-11 08:07:03 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-11-10 22:07:20 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 22:07:20 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-10 01:18:17 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-10 00:39:07 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Fallout3
2010-11-10 00:29:46 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-11-10 00:26:48 -------- d-----w- C:\Windows\SysWow64\xlive
2010-11-09 15:09:52 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2010-11-09 02:56:20 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-08 01:46:42 2088 ----a-w- C:\Windows\System32\ASOROSet.bin
2010-11-08 01:46:42 17640 ----a-w- C:\Windows\System32\ROBoot64.exe
2010-11-08 00:16:39 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-11-08 00:13:53 -------- d-----w- C:\PROGRA~3\Systweak
2010-11-08 00:12:02 -------- d-----w- C:\Windows\Repair
2010-11-08 00:12:01 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Systweak
2010-11-08 00:11:49 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2010-11-08 00:11:43 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2010-11-07 21:55:29 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2010-11-04 04:48:38 -------- d-----w- C:\Program Files (x86)\DeepSilver
2010-11-04 04:42:04 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2010-11-04 04:35:00 503352 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-11-03 05:44:51 -------- d-----w- C:\Program Files (x86)\Strategy First
2010-11-03 03:10:21 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Star Ruler
2010-11-03 03:07:50 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-03 03:07:29 -------- d-----w- C:\Program Files (x86)\Star Ruler
2010-11-01 06:16:54 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-01 06:16:53 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-01 06:16:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-01 06:16:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-01 06:16:53 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-01 06:16:53 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-01 06:16:53 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-10-29 16:30:36 -------- d-----w- C:\Windows\SysWow64\directx
2010-10-29 16:16:02 -------- d-----w- C:\Users\Administrator\Games
2010-10-29 15:51:49 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Sunbelt Software
2010-10-29 15:50:54 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-29 06:54:18 -------- d-----w- C:\Program Files (x86)\Lighthouse Interactive
2010-10-29 05:14:25 -------- d-----w- C:\Program Files (x86)\OpenAL
2010-10-29 05:14:24 -------- d-----w- C:\Program Files (x86)\OsmosDemo
2010-10-28 04:39:54 794624 ----a-w- C:\Windows\Light Driver 2.scr
2010-10-28 04:39:54 149504 ----a-w- C:\Windows\UNWISE.EXE
2010-10-28 04:30:25 359431 ----a-w- C:\Windows\SysWow64\mioengine.exe
2010-10-28 04:30:25 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\mioObjects
2010-10-28 04:27:52 61440 ----a-w- C:\Windows\UnDeploy.exe
2010-10-28 04:27:52 474431 ----a-w- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
2010-10-28 04:27:52 -------- d-----w- C:\Program Files (x86)\Proactive Information Corporation
2010-10-28 04:25:44 1719808 ----a-w- C:\Windows\Fantastic Ocean 3D Lite.scr
2010-10-28 04:25:44 -------- d-----w- C:\Windows\3D Ocean Lite
2010-10-28 04:23:05 -------- d-----w- C:\Program Files (x86)\3D Butterfly
2010-10-28 04:16:40 792298 ----a-w- C:\Windows\SysWow64\catsplay.scr
2010-10-28 04:15:13 647168 ----a-w- C:\Windows\SysWow64\bearfree.scr
2010-10-28 04:15:13 -------- d-----w- C:\Program Files (x86)\Bear Celebrates Free Screensaver
2010-10-28 04:11:32 -------- d-----w- C:\Program Files (x86)\FullScreensavers.com
2010-10-28 04:10:33 -------- d-----w- C:\Program Files (x86)\SaversPlanet.com
2010-10-28 04:07:22 1057280 ----a-w- C:\Windows\Moon Clock.scr
2010-10-28 04:07:22 -------- d-----w- C:\Program Files (x86)\7art
2010-10-28 03:45:29 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\FreeStone Group
2010-10-28 03:45:25 -------- d-----w- C:\Program Files (x86)\Video Card Stability Test
2010-10-27 22:14:15 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2010-10-27 22:14:15 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2010-10-27 22:11:40 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\NVIDIA
2010-10-27 21:56:23 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2010-10-27 21:07:09 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2010-10-27 21:07:09 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2010-10-27 21:07:09 131688 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-10-27 21:04:37 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2010-10-27 21:03:49 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-10-27 21:03:38 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-10-26 23:10:10 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-26 23:10:10 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-26 23:10:08 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-26 23:10:08 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-26 23:10:07 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-26 23:10:06 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-22 19:03:32 -------- d-----w- C:\Program Files (x86)\Sierra
2010-10-22 16:57:54 -------- d-----w- C:\Windows\SysWow64\Adobe
2010-10-21 13:53:01 -------- d-----w- C:\Windows\en
2010-10-21 13:47:11 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-21 13:45:45 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-21 13:45:45 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-21 13:45:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-21 13:44:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ac67a2d1cb712611\MeshBetaRemover.exe
2010-10-21 13:44:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\DSETUP.dll
2010-10-21 13:44:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\DXSETUP.exe
2010-10-21 13:44:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\dsetup32.dll
2010-10-21 13:44:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\DSETUP.dll
2010-10-21 13:44:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\DXSETUP.exe
2010-10-21 13:44:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\dsetup32.dll
2010-10-21 13:43:46 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Windows Live
2010-10-21 13:42:58 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2010-10-21 13:42:58 1103872 ----a-w- C:\Windows\System32\webservices.dll
2010-10-18 21:03:03 38848 ----a-w- C:\Windows\avastSS.scr
2010-10-18 21:02:20 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-10-18 20:01:13 36168 ----a-w- C:\Windows\System32\uxtEA13.tmp
2010-10-18 19:59:49 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\TuneUp Software
2010-10-18 19:58:12 -------- d-----w- C:\PROGRA~3\TuneUp Software
2010-10-18 19:57:33 -------- d-sh--w- C:\PROGRA~3\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-10-17 01:00:28 40960 ----a-r- C:\Users\ADMINI~1\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-10-17 01:00:28 40960 ----a-r- C:\Users\ADMINI~1\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-10-17 01:00:19 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2010-10-17 00:13:24 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Raptr
2010-10-17 00:13:24 -------- d-----w- C:\Program Files (x86)\Raptr
2010-10-17 00:05:58 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2010-10-17 00:05:54 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

==================== Find3M ====================

2010-11-11 21:12:27 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-11 21:12:27 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-11 21:12:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-03 16:08:29 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-27 16:35:41 43168 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-09-27 16:35:41 312480 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-09-23 07:46:09 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-22 02:53:16 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-09-21 18:18:35 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-13 02:46:54 967 ----a-w- C:\Windows\ScUnin.pif
2010-09-13 02:46:54 94208 ----a-w- C:\Windows\ScUnin.exe
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 16:57:36.20 ===============

ken545
2010-11-19, 20:07
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Sorry for the delay but the forums get real busy.

Offhand, not looking at anything too bad.

ASKToolbar: Read about it and let me know if you want to remove it; it has no uninstall option.

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.



Let's take a deeper look into your system with a new tool and current log.


* Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Under the Standard Registry box change it to All.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

jim45682
2010-11-19, 21:59
Thanks for your time in helping me, as requested here are the OTL scans;

OTL logfile created on: 11/19/2010 2:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 96.28 Gb Free Space | 32.30% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Vuze\Azureus.exe (Vuze Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdm_device) -- C:\Windows\SysNative\lxdmcoms.exe ( )
SRV:64bit: - (lxdmCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (lxdm_device) -- C:\Windows\SysWow64\lxdmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (p17filtx) -- C:\Windows\SysNative\drivers\p17filtx.sys (Sensaura)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 02:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/01 12:26:30 | 000,000,000 | ---D | M]

[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/17 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/30 07:22:48 | 000,678,400 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\ec09dff2-76c2-a0ba-debd-a8f37a2e17e0.dll
[2008/12/01 08:42:06 | 000,638,464 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Tensons.Application.DownloadAcceleratorManager.BHO) - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (egreetings.com Toolbar) - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.DLL ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Video Library] C:\Users\Administrator\AppData\Local\Temp\Rpcqt.dll (Lavasoft )
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216013807322&h=d9ebd5547dc8cdf7a6c1ac80beaae205/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.atomicmods.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,192,464 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,063,204 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell\AutoRun\command - "" = J:\kochstart\kochstart.exe -- File not found
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell - "" = AutoRun
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell\AutoRun\command - "" = N:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (ettings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\O\Shell) - File not found
O34 - HKLM BootExecute: (nts2\N\S) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

jim45682
2010-11-19, 22:02
Continued:

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 14:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/19 14:46:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HPAppData
[2010/11/16 09:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/11/13 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/13 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/11 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMP Tag Plus
[2010/11/11 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2010/11/11 03:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/11 03:07:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/09 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Fallout3
[2010/11/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/11/09 19:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/09 10:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraiins.dll
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraidco.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoPtb.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoIt.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFr.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEsm.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEs.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDe.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoSv.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoRu.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNo.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNl.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFi.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDa.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoENU.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEng.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoKo.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoJa.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZht.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZhc.dll
[2010/11/08 21:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 21:56:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 21:56:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/07 20:46:42 | 000,017,640 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\ROBoot64.exe
[2010/11/07 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/07 19:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/11/07 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/11/07 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2010/11/07 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/11/07 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/11/07 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/11/03 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSilver
[2010/11/03 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/11/03 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2010/11/02 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2010/11/02 22:07:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/02 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Ruler
[2010/10/31 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010/10/31 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/29 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/10/29 11:16:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Games
[2010/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sunbelt Software
[2010/10/29 10:50:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/29 01:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2010/10/29 00:14:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2010/10/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/10/29 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OsmosDemo
[2010/10/27 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (2)
[2010/10/27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2010/10/27 23:27:52 | 000,061,440 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proactive Information Corporation
[2010/10/27 23:25:44 | 000,000,000 | ---D | C] -- C:\Windows\3D Ocean Lite
[2010/10/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Butterfly
[2010/10/27 23:16:40 | 000,792,298 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bear Celebrates Free Screensaver
[2010/10/27 23:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FullScreensavers.com
[2010/10/27 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaversPlanet.com
[2010/10/27 23:07:22 | 001,057,280 | ---- | C] (7art-screensavers.com) -- C:\Windows\Moon Clock.scr
[2010/10/27 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7art
[2010/10/27 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2010/10/27 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/10/27 17:14:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/10/27 17:14:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/10/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/10/27 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/10/27 16:07:09 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/10/27 16:07:09 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/10/27 16:07:09 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/10/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/10/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/27 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/26 18:10:10 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 18:10:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 18:10:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 18:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 18:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 18:10:06 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/22 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2010/10/22 11:57:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/10/21 08:53:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/21 08:47:11 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/21 08:45:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/21 08:45:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/21 08:45:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/21 08:43:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2010/10/21 08:42:58 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/10/21 08:42:58 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2008/11/09 19:36:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
[2008/11/09 19:36:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
[2008/11/09 19:36:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
[2008/11/09 19:36:34 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
[2008/11/09 19:36:33 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
[2008/11/09 19:36:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
[2008/11/09 19:36:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
[2008/11/09 19:36:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
[2008/11/09 19:36:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
[2008/11/09 19:36:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/19 14:49:43 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/19 14:48:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/19 14:44:15 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/19 14:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/19 14:31:23 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job
[2010/11/19 14:22:33 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 14:22:33 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 10:52:16 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/19 04:52:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/19 01:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 17:54:01 | 000,000,598 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/16 09:55:01 | 000,000,769 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010/11/13 17:20:06 | 000,004,035 | ---- | M] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 17:12:31 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/13 16:53:12 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:26 | 000,002,575 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/13 16:27:53 | 000,802,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/13 16:27:53 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/13 16:27:53 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/13 16:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 16:12:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/11 16:12:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/11 16:12:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/11/11 16:12:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/10 08:55:29 | 000,001,085 | ---- | M] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/08 21:51:27 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/08 21:51:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/08 21:51:27 | 000,000,877 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/07 20:55:00 | 005,378,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 20:52:29 | 000,002,088 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/05 15:34:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 20:56:46 | 000,012,288 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 00:00:40 | 000,000,965 | ---- | M] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | M] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 11:08:29 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | M] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/10/29 11:30:40 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | M] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | M] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:36 | 000,000,130 | ---- | M] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:30:24 | 000,359,431 | ---- | M] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:16:40 | 000,792,298 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | M] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | M] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 15:55:07 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/10/24 12:11:02 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | M] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/19 14:49:38 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/13 17:20:06 | 000,004,035 | ---- | C] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:11 | 000,002,575 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/13 12:21:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/13 12:20:28 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/13 12:19:55 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/13 12:18:44 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/11 03:29:32 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/10 08:55:29 | 000,001,085 | ---- | C] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | C] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/09 19:28:16 | 000,028,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/09 19:28:10 | 000,033,634 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3install.txt
[2010/11/09 19:28:10 | 000,000,604 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3error.txt
[2010/11/07 20:46:42 | 000,002,088 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/07 19:11:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2010/11/07 19:11:46 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/07 19:11:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/07 19:11:46 | 000,000,877 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/04 00:00:40 | 000,000,965 | ---- | C] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | C] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/11/02 22:07:58 | 000,417,272 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI079C.txt
[2010/11/02 22:07:54 | 000,014,792 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI079C.txt
[2010/10/29 11:30:40 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | C] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:24 | 000,000,130 | ---- | C] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:39:54 | 003,446,272 | ---- | C] () -- C:\Windows\Light Driver 2.stg
[2010/10/27 23:39:54 | 000,794,624 | ---- | C] () -- C:\Windows\Light Driver 2.scr
[2010/10/27 23:39:54 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/10/27 23:30:25 | 000,359,431 | ---- | C] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:27:52 | 000,474,431 | ---- | C] () -- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
[2010/10/27 23:25:45 | 000,000,081 | ---- | C] () -- C:\Windows\3d-ocean-homepage.url
[2010/10/27 23:25:44 | 001,719,808 | ---- | C] () -- C:\Windows\Fantastic Ocean 3D Lite.scr
[2010/10/27 23:15:13 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\bearfree.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | C] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 16:29:18 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/27 16:29:17 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/27 16:01:23 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/24 12:11:02 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/24 12:11:02 | 000,002,009 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | C] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 08:26:30 | 000,367,906 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7843.txt
[2010/10/13 08:26:29 | 000,012,210 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7843.txt
[2010/06/23 11:10:13 | 000,374,670 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46AF.txt
[2010/06/23 11:10:13 | 000,011,426 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46AF.txt
[2010/05/13 23:52:07 | 000,003,072 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\HFO27 Pref
[2010/05/13 23:52:05 | 000,000,035 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\hfo26id
[2010/03/03 22:51:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 13:48:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/26 04:58:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/26 04:57:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 23:04:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/24 22:10:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/04/26 21:04:25 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\install_log.dat
[2009/04/25 23:08:54 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/02/13 10:59:25 | 000,000,077 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/11/26 20:16:36 | 002,783,026 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI3889.txt
[2008/11/26 20:14:36 | 000,199,947 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/26 20:14:32 | 000,175,458 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2008/11/26 20:14:32 | 000,005,902 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2008/11/26 20:14:32 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/11/09 19:36:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
[2008/11/09 19:36:35 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
[2008/10/25 13:17:57 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 16:20:55 | 000,000,616 | ---- | C] () -- C:\Windows\SysWow64\Warlords4Editor.ini
[2008/06/02 17:23:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/07 14:22:05 | 000,012,288 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 22:24:57 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/04/23 22:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/04/23 22:05:51 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/04/23 18:28:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/04/23 17:47:24 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\Ludap17.ini
[2008/04/23 17:38:28 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 15:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/03/17 18:11:56 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\P17.DLL
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2003/10/02 20:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.DLL

========== LOP Check ==========

[2010/06/11 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\2monkeys
[2008/11/09 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\5000 Series
[2010/09/01 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Advanced Combat Tracker
[2008/08/14 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amaranth Games
[2009/08/05 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Astro Gemini Software
[2010/11/19 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2010/07/05 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games
[2008/12/03 23:03:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitDownload
[2009/08/15 13:33:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Blitware
[2008/07/04 01:23:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cerasus.media
[2008/12/25 21:12:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009/07/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Electronic Arts
[2009/05/15 00:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EleFun Games
[2010/07/06 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ERS G-Studio
[2010/08/08 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ERS Game Studios
[2008/09/17 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Eyeblaster
[2008/07/28 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FarmerJane
[2009/02/13 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Flood Light Games
[2008/08/12 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ForgottenRiddles2
[2010/10/27 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2008/07/31 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Friday's games
[2010/06/11 00:38:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fugazo
[2008/09/17 21:12:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameHouse
[2010/02/17 12:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2009/11/25 00:12:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010/08/22 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gogii
[2008/07/04 00:57:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gogii Games
[2009/08/25 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/10/08 00:13:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InfraRecorder
[2009/02/08 03:47:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iWin
[2010/07/05 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lazy Turtle Games
[2010/09/26 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2008/11/09 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2010/11/07 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2010/07/06 22:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Merscom
[2010/10/27 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2009/07/25 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\My Games
[2009/09/21 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyPublisher
[2009/06/27 12:28:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2009/02/05 14:56:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oberon Games
[2010/08/22 12:44:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oberon Media
[2010/10/07 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/09/12 21:13:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
[2008/12/03 03:49:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pogo Games
[2010/08/18 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProfitUI Reborn Updater
[2010/10/26 18:31:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2009/05/10 15:52:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sierra
[2008/06/12 19:29:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skinux
[2010/07/06 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skunk Studios
[2008/10/27 01:14:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpinTop
[2010/11/03 01:00:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2009/08/04 23:24:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2009/10/18 13:50:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StreamTorrent
[2008/07/31 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sudden Games
[2010/11/07 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2008/12/08 03:50:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TheScruffs
[2010/10/18 14:59:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/02/07 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vivox
[2010/11/13 17:12:31 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/11/19 04:52:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ASO-AntiSpyware.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ASO-DiskOptimizer.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ASO-RegistryCleaner.job
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ASO-SystemCleaner.job
[2010/11/13 16:16:06 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/19 14:31:23 | 000,000,450 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EDED3240
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68B61847
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE459B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C5A503E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3F2F06F2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5D2892D9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA60673F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CC2686CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F036C20D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:96CC3FEF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8160BC44
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B894C266

< End of report >

jim45682
2010-11-19, 22:03
extras.txt

OTL Extras logfile created on: 11/19/2010 2:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 96.28 Gb Free Space | 32.30% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = BA F7 3C 43 0B FB C8 01 [binary data]
"VistaSp2" = 10 F6 59 A8 D9 3D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1A45A4-8333-46D6-BAB8-968E4D5D8093}" = lport=137 | protocol=17 | dir=in | app=system |
"{0CE1D986-F913-460D-BEEA-5ED62975A864}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10E6A2BC-64CA-40B7-9F54-7AFE27297114}" = rport=138 | protocol=17 | dir=out | app=system |
"{134597AF-3F99-4DA0-B833-A8B7001C479D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{21FC40D9-A8E1-4705-9307-6ABCC16D1BC7}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{296F570F-56DA-465A-B006-B68947C76C92}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3DDA6060-0579-4DAB-8394-33A7D46A8AE3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3F8B4931-5901-4EE3-A5ED-C67D2DA36BF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40F9A2A8-665C-4511-9CAE-F0F639F1F796}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{4977546E-6E46-41B5-9DAF-3D8B3A39F5A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{49E563A3-16CF-41AE-AB70-9A120F9CD2F8}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{4D2C5A77-4933-459D-B38F-6C2435ED50B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{8BA6FBA8-F7DA-4958-A993-8AC14AA0AA2A}" = lport=445 | protocol=6 | dir=in | app=system |
"{94F7034A-63C4-47FD-B484-A5754B5FE447}" = rport=139 | protocol=6 | dir=out | app=system |
"{A47D51FC-D798-41D3-B483-07B1C94CF2E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{B996CE69-7826-43F9-A10E-594F9CDA6DFC}" = lport=55298 | protocol=6 | dir=in | name=akamai netsession interface |
"{C0FD1EE7-F779-4FCE-8EEE-378A14EF2F5F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C929CAFB-E3B7-45A8-B149-AD4CC4DED043}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{D111B4D5-BB6B-4A2F-9B65-1BCAC5850307}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E75BCAB1-A241-45C3-9CCF-795EBDB4E604}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F1E930BD-81ED-4243-8CBA-AE04618E5484}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE24F699-0AC1-44EC-9344-D289C6BF5710}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE25ADDB-15F6-465A-85AA-D3CC7DA75CCA}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C19571-9193-4AD8-8EA8-A51BFA67500C}" = protocol=17 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\ut3.exe |
"{031B5011-65D8-4393-BEA8-D5D9142872DD}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{03412D09-24AE-4D87-BC60-2810FF3FFB36}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0AE9FD28-76BD-4ECF-AB77-DF3E4A209E40}" = protocol=17 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\unrealconsole.exe |
"{0B84AED2-FBF4-47B8-A89E-1099510DA930}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0F1E3674-AF92-47EA-A04A-0D4FCB6C312E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{0F65DA63-F3A6-47D2-A26F-E853D05C9F7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdmcoms.exe |
"{0FA0D58D-4547-4A67-A0E0-19AEC708927E}" = protocol=6 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\unrealfrontend.exe |
"{11669063-3DB4-4B5F-BA10-C61E9DB05DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14491340-B645-4865-AEE0-839622A0BA68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{155C203D-93AC-4EE2-9FC2-30F9C3C36597}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{1BDFACD6-16A7-4242-A118-902145F87BED}" = protocol=6 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\ut3.exe |
"{1BE27BBC-20BB-43FF-9F5F-B2DC6B3CA47B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1CEF6F6B-8E03-42A5-9CE3-E5DEDB8F444D}" = protocol=6 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\unrealconsole.exe |
"{1DF09C57-2820-46CD-B4FB-39CEBC2A75C7}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1E73AC06-D429-4C76-B42E-68D7E6360505}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{206D4BE0-BA19-4EAC-AE4B-48550FFD73D5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmtime.exe |
"{23199226-353D-4737-A148-7F1555C78193}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2616EC1A-78CF-4A71-B27E-09DC50BA584C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmtime.exe |
"{282D573C-F129-407C-91B0-3D02F0A4DD98}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2A0E555D-E59B-4324-9DFB-B4B7CB6FBC01}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\frun.exe |
"{2A1AB975-C87D-4AB7-BA48-20B78A22474F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{2ACEEFF0-FBF8-4F64-BE1E-356455E7431F}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{2E1D8E79-F4B5-4E37-95D5-77533DACA542}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{2FCC60DD-6C80-4E11-B5F5-EB2F6EC280CE}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3021BBD2-C531-4984-A4CD-6C00573D8A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{3C346723-553B-44FC-8C95-5F6B5375BD59}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3C8A8161-76D9-4723-B3F2-4BA5FA6BE2F5}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{3D1B7769-334B-4F30-B40D-B8915D532161}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{4074762D-D574-4BCE-95EE-770049C0F11B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4207B5F6-B358-4287-AFEF-CD4237BE7E08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{45FDD68A-5F49-49BE-9BD3-38DED69B987F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{46B230EA-C216-4620-83D0-A46EC5F468DD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{47BE69FC-8D53-4FCA-AF0E-F2C7DFA4F199}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4A2CEF7D-0717-4757-A43F-91EB5C1FA7BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{516AB775-6CD8-4F5B-B227-8224F742B6D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{51846924-34F0-4641-AF37-51F49AA2D37D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{54424C78-BCE2-40B9-9FC3-215DCE017422}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{55432904-2EFD-4324-B8E8-6C1ECEE8FAD3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmjswx.exe |
"{5A358DAF-BF0D-4CB8-AFA6-21A2BF234A75}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{5DBF1DDD-A181-48B4-AE99-2650A2774F70}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmjswx.exe |
"{603F8429-09DA-461E-9491-7A01E0DA4679}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{606640F7-DBE8-4EE2-92C6-8D543BDDEA5B}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{612B7EE5-11C4-4747-BC74-C64C13E64C01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{61C54C82-5525-40F6-BE3A-30C9584336EF}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{64006B76-6E96-4BB9-B147-6355DD7FF584}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6568709F-3A83-4382-9B23-F4694D5FDCAC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmfax.exe |
"{6A5C5FF4-4597-48C3-ACE4-606C05DADF83}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{6A9AB582-2463-40DE-948B-9EA48A1AFBD5}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\frun.exe |
"{6BB61751-CF88-4201-8464-F3ABA1E73D98}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6C411C35-A56B-4BC5-AD75-57DB828A6169}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\hc1dkl1m.tpm\6emx5dpm.tz0\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{6EEF5AC0-1274-4E9C-BF9A-8812F69B5FF7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{74081B70-2309-4FCD-8E9A-C7EA1C2718D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdmcoms.exe |
"{742D4350-E680-4A32-B74D-C9A0B5071E73}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{751583D9-F0B3-4C9F-9B2D-E7F4CAF78DA9}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{821D2B57-1C53-437F-B5F0-FD0044DF144E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmtime.exe |
"{84E0AA99-6615-474A-9886-F06508C9F12A}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{890E5AFD-C2DE-4D2C-8ADE-98A2F68F2B2F}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{89271787-33EE-436F-9BE0-FD5286AF7C72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{89C9CF33-5799-431B-AED3-8037F787F360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{8B048607-DF40-4EE7-B47B-21B66BD4684D}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{8DA13950-03A9-48FF-AFC3-6F68F4B7FE10}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{8F68D21A-72EA-40B1-B133-3B9ACAD77A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmamon.exe |
"{93A5CEB4-4A82-4489-B901-B3D41188FA7A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{94C44FBA-F983-46F7-893D-7379D8218541}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{94D54F8B-9DDC-4150-BA79-C23CD1500569}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{952346C4-838D-46A1-BD86-0A000AC0DA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9C3F9590-FE3E-4243-86FD-1B7FD0D6332D}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{9C9EA08D-52FD-4BB8-A7B1-97D814DB4354}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{9CF2E135-1289-4261-BA03-A06DF57C0FE4}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\hc1dkl1m.tpm\6emx5dpm.tz0\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{9E1497AC-002A-40E4-9446-161C41BBF019}" = protocol=17 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{9F656E0E-DF6D-465B-9617-BB2FB8895E6E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A01050AF-B105-41D5-949C-4B08BAC8F197}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{A1C544EA-5DFD-433D-BA55-5D8EB14206C6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{A2429B53-ED15-4378-8CC7-130BBF4F1277}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{A7784779-077D-4F54-9B52-95947152DF42}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{A975BC6D-060D-4BD9-87B3-453277001871}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{AC747E83-EBC8-4F61-A05A-D833AEAD57DF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe |
"{B2C9815C-4784-4973-9952-4330EA1400E1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmamon.exe |
"{B59F616D-AC09-4778-B7D4-1E4AB287A671}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{B755663C-4EC7-402D-B90F-76E880EDCF1B}" = protocol=17 | dir=in | app=c:\users\administrator\games\unreal tournament 3\binaries\unrealfrontend.exe |
"{B8A2A742-0711-42F6-94C6-3745928E2AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{BA0D8628-9C96-406F-9688-13EEAC33E9DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{BA119BBB-8B95-47A9-916B-600EE1E2D61A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmfax.exe |
"{BE701035-15DD-410E-A079-AEDFC4BA6985}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe |
"{BF5CE889-C80A-492A-8B52-127017B3371A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C1DF9C72-76B5-4672-85A5-A08259F1966F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C6AEA4BA-16D6-4FC6-9321-DF6DAA0966A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{CDE2DECB-D411-458A-8F4D-899B3A7C348B}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{CEC1E71E-8513-48DF-8BD7-5E5E2E080BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmmon.exe |
"{D23CC371-2699-4241-BDF0-C3346FB5D534}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D2CB9051-00DB-4D82-B91E-26582099B8D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D327ECB3-FA54-4FB3-9018-749F5768F040}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D8929BAC-F3B3-4DD8-B964-837DA33CDCE1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E4A519D9-0556-4CEA-AAAA-D983C013FD59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E6396105-A0AE-446B-970C-FDAB46CB40EF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmtime.exe |
"{E81126F0-C2A2-45BD-BD65-6F6877B30669}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{EC506E88-CC4D-4E16-BA52-450D6126E0F9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{ECE7A051-8BD7-4FA2-BDA3-469E8114FBA9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F1507FCF-6A49-4C9A-A38D-4A8CCC432FAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{F151E126-821B-4B00-8006-04C4405ECF54}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{F559F6CD-2242-4C1C-BCE5-3A95FDBCF03F}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F6F4BEDF-D872-4197-8639-3934CC73CE63}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{FA74355A-751B-43EA-80F7-9666D57D4637}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{FA835974-75BB-4F2F-B5AD-1E17B31985BD}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmmon.exe |
"{FB0AA830-383E-40AB-89FC-D154F063F1AB}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FB5967AC-C6E8-4E03-99EB-D714EF54F997}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FE6E84F8-227D-4F20-80C2-7405E8E41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"TCP Query User{07D211ED-E797-4B0E-9BC0-7DFA02F10087}C:\program files (x86)\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"TCP Query User{0FA4AED0-4CA7-4E8D-8249-0305878F1DE8}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{3B8C2295-3D52-4BF4-A179-5C2F40861460}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{463AAB96-5D94-4D24-AA08-C34AF717DA25}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{58C9C847-DED0-4862-A8FC-55AE388CB744}C:\aeriagames\12sky\twelvesky.exe" = protocol=6 | dir=in | app=c:\aeriagames\12sky\twelvesky.exe |
"TCP Query User{5D924BD3-7421-4D79-A237-5CFA1B0E5288}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{69D90DEE-59B5-4B31-9D92-2129C3F8A576}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{6F7FD8E4-1F4D-46A3-8E84-3A37D20C3FF0}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{82A4185D-4DB9-4CDA-BEF2-EA667679059D}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{8A85C860-8D80-48D7-8BE0-6FE715C889F8}C:\program files (x86)\lexmark 5000 series\frun.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\frun.exe |
"TCP Query User{8CF08757-6EC1-4B40-80A4-C8445DA96E11}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{9BDF0A75-5104-4BEF-855C-C72644E05FA6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{9DA598F3-D962-49C9-98A1-5E3AC6935428}C:\users\administrator\desktop\empire earth--extract&play..flippcomedia\empire earth.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\empire earth--extract&play..flippcomedia\empire earth.exe |
"TCP Query User{B1FA6321-CE49-40B7-8465-5134407867AE}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe |
"TCP Query User{B793FE2C-52B5-4A2D-8FBA-29B2E5473DF2}C:\program files (x86)\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe |
"TCP Query User{C5A87212-841E-4DD8-9651-022C9482CD84}C:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe |
"TCP Query User{CD7877F9-E37E-4D11-BF4C-60E7A15FAE4F}C:\program files (x86)\lexmark 5000 series\lxdmmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmmon.exe |
"TCP Query User{D1502EBF-2A25-43A8-8975-0E55B91AD18E}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{D2582B8B-9D0E-4CAF-8C6B-0C2B1ADB08D6}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{DBEABA61-4B03-4809-814E-5F4287050250}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{DEC9ED54-93FB-4969-A9BC-7128D59F4B25}C:\netrek\netrek.exe" = protocol=6 | dir=in | app=c:\netrek\netrek.exe |
"TCP Query User{DF458DFA-591F-4786-BB3F-B9A5AF3E5C56}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{EE73F610-DA47-4C4E-82F4-23B0620406D9}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 342b6a00\launcher.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\blizzard launcher temporary - 342b6a00\launcher.exe |
"TCP Query User{F79C4BE5-AF21-4C38-9ECA-05E2CF4E22B5}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{FDB97A50-797D-4FEF-8664-EF726403E714}C:\program files (x86)\hfo\hfo296.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hfo\hfo296.exe |
"TCP Query User{FDF3E371-8C46-4CC8-AD63-ACB083D3FC48}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{FEBD0E86-FDCA-4FE0-A7EF-738F8FAD85C7}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - abf8c3d8\launcher.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\blizzard launcher temporary - abf8c3d8\launcher.exe |
"UDP Query User{1A77D4FD-DC50-443F-8618-D6EA333C70A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1CFDCF83-7265-437A-A725-8A2BBBAA85EE}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - abf8c3d8\launcher.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\blizzard launcher temporary - abf8c3d8\launcher.exe |
"UDP Query User{31E006C3-9B99-41B1-9777-89B889E6DB34}C:\users\administrator\desktop\empire earth--extract&play..flippcomedia\empire earth.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\empire earth--extract&play..flippcomedia\empire earth.exe |
"UDP Query User{32393CB9-2CBB-4F79-B5DC-F65BD410508F}C:\program files (x86)\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"UDP Query User{3B72535E-9B9F-4D28-85D8-4DC3C6015090}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{434AE3BB-4F35-43EA-AADD-DA0A58A6EB60}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 342b6a00\launcher.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\blizzard launcher temporary - 342b6a00\launcher.exe |
"UDP Query User{4F252601-6593-4233-95A8-6A19DE685678}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{501AA151-7CB6-479E-9472-B9063EA48C26}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{50E56A7C-FB1F-43E5-A182-C365824DEDDB}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{64E33CCD-D9E4-49D8-8841-07CBB63FFDC1}C:\program files (x86)\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\america's army\system\armyops.exe |
"UDP Query User{6D255824-FC97-4D2A-9B98-9B6B0EC1197F}C:\program files (x86)\lexmark 5000 series\frun.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\frun.exe |
"UDP Query User{744CAF6F-0641-4DB6-A954-EA74E46154D0}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{846574F6-E573-4D82-9535-9C1DA8D13CDC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{927589BD-8671-4B5E-89AC-01CA731BBCB9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{93B79CE5-DCC0-4027-9E63-2A392BC5C79F}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe |
"UDP Query User{9781E856-DBE5-4773-9518-F21E23B2A957}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{ADCA9F6C-3670-4025-B793-C95DD6A51686}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{B66ECB50-1DC1-465F-A9E7-A7E3BCC6B745}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{BB09163A-EDA7-456A-A95E-B7C640411485}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{BFA0D120-CA73-44D8-A24C-6E76FD7C5CB6}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{C2859F78-68C9-488F-9C13-EC8A446CA77A}C:\program files (x86)\lexmark 5000 series\lxdmmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5000 series\lxdmmon.exe |
"UDP Query User{D0483813-8ECA-4459-82D7-0159B044BA86}C:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdmpswx.exe |
"UDP Query User{D54D47C2-EB39-462F-A199-6EF9C69FB7AE}C:\netrek\netrek.exe" = protocol=17 | dir=in | app=c:\netrek\netrek.exe |
"UDP Query User{DF580D03-BB61-4F65-A74B-3911CC5D751C}C:\aeriagames\12sky\twelvesky.exe" = protocol=17 | dir=in | app=c:\aeriagames\12sky\twelvesky.exe |
"UDP Query User{F5A70234-9E5D-4F8D-B94E-2DB6E8748C2F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F9D090D2-BF10-4E9E-A143-381CE4F5A51D}C:\program files (x86)\hfo\hfo296.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hfo\hfo296.exe |
"UDP Query User{FA884646-F8D3-4CF2-98BD-88A77C220F51}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2C22EA92-CB30-4932-0051-000001000000}" = InfraRecorder 0.51 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BurnInTest_is1" = BurnInTest v5.3 Pro
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Lexmark 5000 Series" = Lexmark 5000 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{024A3E1E-C588-4A36-BF0D-C15A1FFFC626}_is1" = Dream Day Wedding Married in Manhattan
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23170F69-40C1-2701-0464-000001000000}" = 7-Zip 4.64
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A574A21-B448-4B3C-8D48-F389FE07C19C}" = Vista Services Optimizer
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}" = Super Glinx!
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{40B739E1-40CC-4F0D-9BA1-B75492FFA732}" = Super Nisqually!
"{40B933F6-5CBF-4C5A-B6BC-3391DDA4DF27}" = KeyGen
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42AD318E-C3FD-4445-8BCA-BE14368C634A}_is1" = Raptor 1.04b
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44397CF9-315D-4535-8585-DCD2EE47B966}" = Opera 10.62
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{477AB6F3-0907-4E90-ABC2-9525CC6AA356}" = Beowulf TM
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112722940}" = Boggle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114727850}" = The Count of Monte Cristo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119095307}" = Vault Cracker
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8aade841-03c5-486a-b048-bb112cc0cac5}" = egreetings.com Toolbar for Internet Explorer
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = Media Player Utilities 4.24
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}" = X3 Reunion
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A301896D-9F55-4492-B518-30EAC4C723E1}" = Super Collapse!
"{A448CFBC-4638-49A3-B0AC-FDA8C0AC7875}" = Space Empires V
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADD209A3-C05A-4988-B4CD-65B6B582F911}" = PrintMaster Gold 18
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9266B12-EC84-4CA3-B80E-6D6B8A2D10DC}_is1" = The Legend of El Dorado Deluxe
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA2E86C4-6C99-593F-D307-996197F2F3D0}" = GOG.com Downloader
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0EE958F-33DF-4427-8D9D-2C149BFEDD41}" = Station Launcher
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6318740-3D9E-40AB-B3C9-13576CC66A95}" = ArcSoft Software Suite
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Butterfly_is1" = 3D Butterfly v1.3
"7 Wonders II" = 7 Wonders II (remove only)
"7 Wonders Treasures of Seven1.04" = 7 Wonders Treasures of Seven
"7art Moon Clock Screensaver_is1" = 7art Moon Clock © 2009 by 7art-screensavers.com
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"Akamai" = Akamai NetSession Interface
"Animated Waterfalls_is1" = Animated Waterfalls
"Ask Toolbar_is1" = Vuze Toolbar
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Backup Key Recovery_is1" = Backup Key Recovery 1.0.4
"Bear Celebrates Free Screensaver_is1" = Bear Celebrates Free Screensaver 1.12
"BFG-10 Days Under The Sea" = 10 Days Under The Sea
"BFG-Blood Oath" = Blood Oath
"BFGC" = Big Fish Games: Game Manager
"BFG-Deadtime Stories" = Deadtime Stories
"BFG-Fiction Fixers - Adventures in Wonderland" = Fiction Fixers - Adventures in Wonderland
"BFG-Flux Family Secrets - The Rabbit Hole Collectors Edition" = Flux Family Secrets: The Rabbit Hole Collector's Edition
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files &reg;: Dire Grove ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-Redemption Cemetery - Curse of the Raven Collector's Edition" = Redemption Cemetery: Curse of the Raven Collector's Edition
"Bookworm Adventures Deluxe 1.00" = Bookworm Adventures Deluxe 1.00
"Bookworm Deluxe 1.00" = Bookworm Deluxe 1.00
"Build a lot 3 Passport to Europe1.0" = Build a lot 3 Passport to Europe
"Cake Mania 2" = Cake Mania 2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DeskScapes (Free)" = DeskScapes (Free)
"Device Control" = Device Control
"Diner Dash 5 Boom Collector's Edition H33T" = Diner Dash 5 Boom Collector's Edition H33T
"Download Accelerator Manager" = Download Accelerator Manager
"Download Manager" = Download Manager 2.3.6
"Dream Day Wedding - Viva Las Vegas 1.00" = Dream Day Wedding - Viva Las Vegas 1.00
"Dream Day Wedding_is1" = Dream Day Wedding
"DriverAgent.exe" = DriverAgent by TouchStone Software
"EADM" = EA Download Manager
"EAX" = Creative EAX Console
"Elf Bowling - Hawaiian Vacation" = Elf Bowling - Hawaiian Vacation (remove only)
"Elf Bowling Hawaiian Vacation_is1" = Elf Bowling Hawaiian Vacation
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ExpressBurn" = Express Burn
"Fantastic Ocean 3D Lite_is1" = Fantastic Ocean 3D Lite v1.2
"Farm Frenzy 3" = Farm Frenzy 3 (remove only)
"Fences" = Fences
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"HFO_is1" = HFO 2.9.6
"HijackThis" = HijackThis 2.0.2
"Ice Cream Craze - Tycoon Takeover1.0" = Ice Cream Craze - Tycoon Takeover
"Impulse" = Impulse
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"Kodak EasyShare Custom Creations Software" = Kodak EasyShare Custom Creations Software
"Lake Clock Screensaver_is1" = Lake Clock Screensaver 1.0
"LimeWire" = LimeWire 5.5.16
"Lunar Solitude Screensaver_is1" = Lunar Solitude Screensaver 1.0
"Luxor 3" = Luxor 3
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mininova-Vuze Toolbar" = Mininova-Vuze Toolbar
"MyPublisher" = MyPublisher
"National Real Time Weather Screensaver" = Proactive Information Corporation National Real Time Weather Screensaver 4.2.2
"Netrek XP 2009 v1.0" = Netrek XP 2009 v1.0
"Network MagicUninstall" = Network Magic
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"OpenAL" = OpenAL
"Phantom CD" = Phantom CD
"Posh Shop" = Posh Shop
"Precision" = EVGA Precision 1.9.6
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SPEAKER" = Creative Speaker Settings
"SpeedFan" = SpeedFan (remove only)
"Sprouts Adventure" = Sprouts Adventure (remove only)
"ST5UNST #1" = RedMaximus
"Starcraft" = Starcraft
"StarRuler" = Star Ruler
"StreamTorrent 1.0" = Stream Torrent 1.0
"Super Bounce Out! from GameHouse" = Super Bounce Out! from GameHouse
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"Sword of the Stars" = Sword of the Stars CE
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Turbo Trio_is1" = Turbo Trio
"Veetle TV" = Veetle TV 0.9.18
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Video Card Stability Test" = Video Card Stability Test
"Virtual Families1.0" = Virtual Families
"Virtual Farm" = Virtual Farm
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.6
"vShare" = vShare Plugin
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"War of Conquest" = War of Conquest
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.94
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Yummy Drink Factory" = Yummy Drink Factory (remove only)
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"Zuma's Revenge - Adventure" = Zuma's Revenge - Adventure (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"I-Doser v4" = I-Doser v4
"Move Media Player" = Move Media Player
"ProfitUI Reborn Updater" = ProfitUI Reborn Updater

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2010 3:26:25 AM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/14/2010 3:26:44 AM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/14/2010 3:27:02 AM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/16/2010 10:14:29 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/16/2010 10:14:44 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/16/2010 10:15:01 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/16/2010 10:15:18 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/18/2010 4:22:02 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/18/2010 4:22:16 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =

Error - 10/18/2010 4:22:23 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

jim45682
2010-11-19, 22:06
Current DDS log:


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Administrator at 15:04:29.94 on Fri 11/19/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1148 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdmcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.msn.com
uSearch Bar =
mStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Tensons.Application.DownloadAcceleratorManager.BHO: {00000003-1118-11da-8cd6-0800200c9888} - mscoree.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: egreetings.com Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: {e0ed0c12-d9b3-0661-a698-93b5198f9bc8} - Search panel
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\Rpcqt.dll,Sets
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe /windowsstart /startifwork
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm186YYUS
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.atomicmods.com/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {E0ED0C12-D9B3-0661-A698-93B5198F9BC8} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
STS-X64: Deskscapes Class: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll
STS-X64: Stardock Vista ControlPanel Extension: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
STS-X64: StardockDreamController: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-23 69152]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-2-13 33792]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-10-14 121936]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [2010-5-9 20480]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-6-2 27648]
R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-9-19 464264]
R2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-9-19 234888]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-11-7 263480]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-10-14 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-10-14 61008]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-9-27 20376]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1375992]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17440]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-27 131688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S2 MyWebSearchService;My Web Search Service; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-9 79360]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 P1764;Sound Blaster Audigy;C:\Windows\System32\drivers\P1764.SYS [2006-3-17 1625088]
S3 p17filtx;p17filtx;C:\Windows\System32\drivers\P17FILTX.SYS [2006-3-20 1539584]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-6-2 19968]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-16 14440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2008-10-15 21200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-26 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-19 06:55:29 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D03905CC-CF07-4154-A0A6-DA4040F1DCA5}\mpengine.dll
2010-11-16 14:59:54 -------- d-----w- C:\PROGRA~3\Trymedia
2010-11-13 21:34:12 388096 ----a-r- C:\Users\ADMINI~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-11 20:42:27 -------- d-----w- C:\Program Files (x86)\WMP Tag Plus
2010-11-11 20:39:16 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2010-11-11 08:07:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-11 08:07:03 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-11-10 22:07:20 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 22:07:20 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-10 01:18:17 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-10 00:39:07 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Fallout3
2010-11-10 00:29:46 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-11-10 00:26:48 -------- d-----w- C:\Windows\SysWow64\xlive
2010-11-09 15:09:52 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2010-11-09 02:56:20 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-08 01:46:42 2088 ----a-w- C:\Windows\System32\ASOROSet.bin
2010-11-08 01:46:42 17640 ----a-w- C:\Windows\System32\ROBoot64.exe
2010-11-08 00:16:39 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-11-08 00:13:53 -------- d-----w- C:\PROGRA~3\Systweak
2010-11-08 00:12:02 -------- d-----w- C:\Windows\Repair
2010-11-08 00:12:01 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Systweak
2010-11-08 00:11:49 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2010-11-08 00:11:43 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2010-11-07 21:55:29 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2010-11-04 04:48:38 -------- d-----w- C:\Program Files (x86)\DeepSilver
2010-11-04 04:42:04 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2010-11-04 04:35:00 503352 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-11-03 05:44:51 -------- d-----w- C:\Program Files (x86)\Strategy First
2010-11-03 03:10:21 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Star Ruler
2010-11-03 03:07:50 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-03 03:07:29 -------- d-----w- C:\Program Files (x86)\Star Ruler
2010-11-01 06:16:54 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-01 06:16:53 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-01 06:16:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-01 06:16:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-01 06:16:53 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-01 06:16:53 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-01 06:16:53 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-10-29 16:30:36 -------- d-----w- C:\Windows\SysWow64\directx
2010-10-29 16:16:02 -------- d-----w- C:\Users\Administrator\Games
2010-10-29 15:51:49 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Sunbelt Software
2010-10-29 15:50:54 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-29 06:54:18 -------- d-----w- C:\Program Files (x86)\Lighthouse Interactive
2010-10-29 05:14:25 -------- d-----w- C:\Program Files (x86)\OpenAL
2010-10-29 05:14:24 -------- d-----w- C:\Program Files (x86)\OsmosDemo
2010-10-28 04:39:54 794624 ----a-w- C:\Windows\Light Driver 2.scr
2010-10-28 04:39:54 149504 ----a-w- C:\Windows\UNWISE.EXE
2010-10-28 04:30:25 359431 ----a-w- C:\Windows\SysWow64\mioengine.exe
2010-10-28 04:30:25 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\mioObjects
2010-10-28 04:27:52 61440 ----a-w- C:\Windows\UnDeploy.exe
2010-10-28 04:27:52 474431 ----a-w- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
2010-10-28 04:27:52 -------- d-----w- C:\Program Files (x86)\Proactive Information Corporation
2010-10-28 04:25:44 1719808 ----a-w- C:\Windows\Fantastic Ocean 3D Lite.scr
2010-10-28 04:25:44 -------- d-----w- C:\Windows\3D Ocean Lite
2010-10-28 04:23:05 -------- d-----w- C:\Program Files (x86)\3D Butterfly
2010-10-28 04:16:40 792298 ----a-w- C:\Windows\SysWow64\catsplay.scr
2010-10-28 04:15:13 647168 ----a-w- C:\Windows\SysWow64\bearfree.scr
2010-10-28 04:15:13 -------- d-----w- C:\Program Files (x86)\Bear Celebrates Free Screensaver
2010-10-28 04:11:32 -------- d-----w- C:\Program Files (x86)\FullScreensavers.com
2010-10-28 04:10:33 -------- d-----w- C:\Program Files (x86)\SaversPlanet.com
2010-10-28 04:07:22 1057280 ----a-w- C:\Windows\Moon Clock.scr
2010-10-28 04:07:22 -------- d-----w- C:\Program Files (x86)\7art
2010-10-28 03:45:29 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\FreeStone Group
2010-10-28 03:45:25 -------- d-----w- C:\Program Files (x86)\Video Card Stability Test
2010-10-27 22:14:15 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2010-10-27 22:14:15 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2010-10-27 22:11:40 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\NVIDIA
2010-10-27 21:56:23 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2010-10-27 21:07:09 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2010-10-27 21:07:09 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2010-10-27 21:07:09 131688 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-10-27 21:04:37 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2010-10-27 21:03:49 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-10-27 21:03:38 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-10-26 23:10:10 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-26 23:10:10 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-26 23:10:08 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-26 23:10:08 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-26 23:10:07 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-26 23:10:06 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-22 19:03:32 -------- d-----w- C:\Program Files (x86)\Sierra
2010-10-22 16:57:54 -------- d-----w- C:\Windows\SysWow64\Adobe
2010-10-21 13:53:01 -------- d-----w- C:\Windows\en
2010-10-21 13:47:11 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-21 13:45:45 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-21 13:45:45 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-21 13:45:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-21 13:44:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ac67a2d1cb712611\MeshBetaRemover.exe
2010-10-21 13:44:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\DSETUP.dll
2010-10-21 13:44:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\DXSETUP.exe
2010-10-21 13:44:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1976a19d1cb712610\dsetup32.dll
2010-10-21 13:44:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\DSETUP.dll
2010-10-21 13:44:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\DXSETUP.exe
2010-10-21 13:44:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17cb629d1cb71260f\dsetup32.dll
2010-10-21 13:43:46 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Windows Live
2010-10-21 13:42:58 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2010-10-21 13:42:58 1103872 ----a-w- C:\Windows\System32\webservices.dll

==================== Find3M ====================

2010-11-11 21:12:27 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-11 21:12:27 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-11 21:12:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-03 16:08:29 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-09-27 16:35:41 43168 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-09-27 16:35:41 312480 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-09-23 07:46:09 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-22 02:53:16 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-09-21 18:18:35 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-13 02:46:54 967 ----a-w- C:\Windows\ScUnin.pif
2010-09-13 02:46:54 94208 ----a-w- C:\Windows\ScUnin.exe
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll

============= FINISH: 15:05:19.43 ===============

jim45682
2010-11-19, 22:08
If you would walk me through removing that toolbar thing, it's not something I need or want and sounds like a security risk to me. Thanks again for your time in helping me out.

Jim

ken545
2010-11-19, 23:35
Hello Jim,

Before we remove Ask, I want to give you a heads up on these

MyIdentityDefender
CyberDefender <-- This program is not malware but has a dubious past. If you use it, that's fine, but we can add it to the fix to remove, but before we do that you can uninstall it via Programs and Features in the Control Panel. Let me know what you want to do. If you want to remove it, then go ahead and then post a new OTL log, no need for the extras this time.

jim45682
2010-11-20, 00:30
Removed myid-defender, new OTL log:

OTL logfile created on: 11/19/2010 5:20:30 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 96.26 Gb Free Space | 32.29% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Vuze\Azureus.exe (Vuze Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdm_device) -- C:\Windows\SysNative\lxdmcoms.exe ( )
SRV:64bit: - (lxdmCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (lxdm_device) -- C:\Windows\SysWow64\lxdmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (p17filtx) -- C:\Windows\SysNative\drivers\p17filtx.sys (Sensaura)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 02:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/01 12:26:30 | 000,000,000 | ---D | M]

[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/17 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/30 07:22:48 | 000,678,400 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\ec09dff2-76c2-a0ba-debd-a8f37a2e17e0.dll
[2008/12/01 08:42:06 | 000,638,464 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Tensons.Application.DownloadAcceleratorManager.BHO) - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (egreetings.com Toolbar) - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.DLL ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Video Library] C:\Users\Administrator\AppData\Local\Temp\Rpcqt.dll (Lavasoft )
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216013807322&h=d9ebd5547dc8cdf7a6c1ac80beaae205/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.atomicmods.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,192,464 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,063,204 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell\AutoRun\command - "" = J:\kochstart\kochstart.exe -- File not found
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell - "" = AutoRun
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell\AutoRun\command - "" = N:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (ettings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\O\Shell) - File not found
O34 - HKLM BootExecute: (nts2\N\S) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

jim45682
2010-11-20, 00:31
========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 17:11:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HPAppData
[2010/11/19 14:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/16 09:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/11/13 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/13 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/11 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMP Tag Plus
[2010/11/11 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2010/11/11 03:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/11 03:07:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/09 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Fallout3
[2010/11/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/11/09 19:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/09 10:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraiins.dll
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraidco.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoPtb.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoIt.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFr.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEsm.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEs.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDe.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoSv.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoRu.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNo.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNl.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFi.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDa.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoENU.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEng.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoKo.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoJa.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZht.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZhc.dll
[2010/11/08 21:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 21:56:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 21:56:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/07 20:46:42 | 000,017,640 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\ROBoot64.exe
[2010/11/07 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/07 19:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/11/07 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/11/07 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2010/11/07 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/11/07 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/11/07 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/11/03 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSilver
[2010/11/03 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/11/03 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2010/11/02 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2010/11/02 22:07:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/02 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Ruler
[2010/10/31 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010/10/31 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/29 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/10/29 11:16:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Games
[2010/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sunbelt Software
[2010/10/29 10:50:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/29 01:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2010/10/29 00:14:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2010/10/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/10/29 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OsmosDemo
[2010/10/27 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (2)
[2010/10/27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2010/10/27 23:27:52 | 000,061,440 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proactive Information Corporation
[2010/10/27 23:25:44 | 000,000,000 | ---D | C] -- C:\Windows\3D Ocean Lite
[2010/10/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Butterfly
[2010/10/27 23:16:40 | 000,792,298 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bear Celebrates Free Screensaver
[2010/10/27 23:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FullScreensavers.com
[2010/10/27 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaversPlanet.com
[2010/10/27 23:07:22 | 001,057,280 | ---- | C] (7art-screensavers.com) -- C:\Windows\Moon Clock.scr
[2010/10/27 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7art
[2010/10/27 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2010/10/27 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/10/27 17:14:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/10/27 17:14:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/10/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/10/27 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/10/27 16:07:09 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/10/27 16:07:09 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/10/27 16:07:09 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/10/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/10/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/27 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/26 18:10:10 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 18:10:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 18:10:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 18:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 18:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 18:10:06 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/22 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2010/10/22 11:57:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/10/21 08:53:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/21 08:47:11 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/21 08:45:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/21 08:45:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/21 08:45:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/21 08:43:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2010/10/21 08:42:58 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/10/21 08:42:58 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2008/11/09 19:36:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
[2008/11/09 19:36:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
[2008/11/09 19:36:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
[2008/11/09 19:36:34 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
[2008/11/09 19:36:33 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
[2008/11/09 19:36:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
[2008/11/09 19:36:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
[2008/11/09 19:36:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
[2008/11/09 19:36:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
[2008/11/09 19:36:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/19 16:37:38 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/19 16:37:38 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/19 16:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/19 16:22:34 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 16:22:34 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 14:49:43 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/19 14:48:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/19 14:31:23 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job
[2010/11/19 04:52:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/19 01:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 17:54:01 | 000,000,598 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/16 09:55:01 | 000,000,769 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010/11/13 17:20:06 | 000,004,035 | ---- | M] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 17:12:31 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/13 16:53:12 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:26 | 000,002,575 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/13 16:27:53 | 000,802,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/13 16:27:53 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/13 16:27:53 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/13 16:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 16:12:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/11 16:12:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/11 16:12:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/11/11 16:12:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/10 08:55:29 | 000,001,085 | ---- | M] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/08 21:51:27 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/08 21:51:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/08 21:51:27 | 000,000,877 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/07 20:55:00 | 005,378,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 20:52:29 | 000,002,088 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/05 15:34:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 20:56:46 | 000,012,288 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 00:00:40 | 000,000,965 | ---- | M] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | M] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 11:08:29 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | M] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/10/29 11:30:40 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | M] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | M] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:36 | 000,000,130 | ---- | M] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:30:24 | 000,359,431 | ---- | M] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:16:40 | 000,792,298 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | M] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | M] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 15:55:07 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/10/24 12:11:02 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | M] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/19 14:49:38 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/13 17:20:06 | 000,004,035 | ---- | C] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:11 | 000,002,575 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/13 12:21:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/13 12:20:28 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/13 12:19:55 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/13 12:18:44 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/11 03:29:32 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/10 08:55:29 | 000,001,085 | ---- | C] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | C] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/09 19:28:16 | 000,028,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/09 19:28:10 | 000,033,634 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3install.txt
[2010/11/09 19:28:10 | 000,000,604 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3error.txt
[2010/11/07 20:46:42 | 000,002,088 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/07 19:11:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2010/11/07 19:11:46 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/07 19:11:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/07 19:11:46 | 000,000,877 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/04 00:00:40 | 000,000,965 | ---- | C] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | C] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/11/02 22:07:58 | 000,417,272 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI079C.txt
[2010/11/02 22:07:54 | 000,014,792 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI079C.txt
[2010/10/29 11:30:40 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | C] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:24 | 000,000,130 | ---- | C] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:39:54 | 003,446,272 | ---- | C] () -- C:\Windows\Light Driver 2.stg
[2010/10/27 23:39:54 | 000,794,624 | ---- | C] () -- C:\Windows\Light Driver 2.scr
[2010/10/27 23:39:54 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/10/27 23:30:25 | 000,359,431 | ---- | C] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:27:52 | 000,474,431 | ---- | C] () -- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
[2010/10/27 23:25:45 | 000,000,081 | ---- | C] () -- C:\Windows\3d-ocean-homepage.url
[2010/10/27 23:25:44 | 001,719,808 | ---- | C] () -- C:\Windows\Fantastic Ocean 3D Lite.scr
[2010/10/27 23:15:13 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\bearfree.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | C] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 16:29:18 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/27 16:29:17 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/27 16:01:23 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/24 12:11:02 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/24 12:11:02 | 000,002,009 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | C] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 08:26:30 | 000,367,906 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7843.txt
[2010/10/13 08:26:29 | 000,012,210 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7843.txt
[2010/06/23 11:10:13 | 000,374,670 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46AF.txt
[2010/06/23 11:10:13 | 000,011,426 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46AF.txt
[2010/05/13 23:52:07 | 000,003,072 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\HFO27 Pref
[2010/05/13 23:52:05 | 000,000,035 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\hfo26id
[2010/03/03 22:51:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 13:48:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/26 04:58:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/26 04:57:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 23:04:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/24 22:10:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/04/26 21:04:25 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\install_log.dat
[2009/04/25 23:08:54 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/02/13 10:59:25 | 000,000,077 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/11/26 20:16:36 | 002,783,026 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI3889.txt
[2008/11/26 20:14:36 | 000,199,947 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/26 20:14:32 | 000,175,458 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2008/11/26 20:14:32 | 000,005,902 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2008/11/26 20:14:32 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/11/09 19:36:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
[2008/11/09 19:36:35 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
[2008/10/25 13:17:57 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 16:20:55 | 000,000,616 | ---- | C] () -- C:\Windows\SysWow64\Warlords4Editor.ini
[2008/06/02 17:23:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/07 14:22:05 | 000,012,288 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 22:24:57 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/04/23 22:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/04/23 22:05:51 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/04/23 18:28:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/04/23 17:47:24 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\Ludap17.ini
[2008/04/23 17:38:28 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 15:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/03/17 18:11:56 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\P17.DLL
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2003/10/02 20:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.DLL

========== LOP Check ==========

[2010/06/11 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\2monkeys
[2008/11/09 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\5000 Series
[2010/09/01 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Advanced Combat Tracker
[2008/08/14 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amaranth Games
[2009/08/05 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Astro Gemini Software
[2010/11/19 17:20:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2010/07/05 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games
[2008/12/03 23:03:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitDownload
[2009/08/15 13:33:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Blitware
[2008/07/04 01:23:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cerasus.media
[2008/12/25 21:12:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009/07/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Electronic Arts
[2009/05/15 00:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EleFun Games
[2010/07/06 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ERS G-Studio
[2010/08/08 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ERS Game Studios
[2008/09/17 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Eyeblaster
[2008/07/28 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FarmerJane
[2009/02/13 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Flood Light Games
[2008/08/12 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ForgottenRiddles2
[2010/10/27 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2008/07/31 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Friday's games
[2010/06/11 00:38:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fugazo
[2008/09/17 21:12:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameHouse
[2010/02/17 12:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2009/11/25 00:12:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010/08/22 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gogii
[2008/07/04 00:57:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gogii Games
[2009/08/25 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/10/08 00:13:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InfraRecorder
[2009/02/08 03:47:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iWin
[2010/07/05 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lazy Turtle Games
[2010/09/26 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2008/11/09 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2010/11/07 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2010/07/06 22:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Merscom
[2010/10/27 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2009/07/25 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\My Games
[2009/09/21 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyPublisher
[2009/06/27 12:28:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2009/02/05 14:56:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oberon Games
[2010/08/22 12:44:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oberon Media
[2010/10/07 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/09/12 21:13:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
[2008/12/03 03:49:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pogo Games
[2010/08/18 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProfitUI Reborn Updater
[2010/10/26 18:31:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2009/05/10 15:52:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sierra
[2008/06/12 19:29:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skinux
[2010/07/06 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skunk Studios
[2008/10/27 01:14:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpinTop
[2010/11/03 01:00:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2009/08/04 23:24:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2009/10/18 13:50:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StreamTorrent
[2008/07/31 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sudden Games
[2010/11/07 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2008/12/08 03:50:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TheScruffs
[2010/10/18 14:59:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/02/07 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vivox
[2010/11/13 17:12:31 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/11/19 04:52:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ASO-AntiSpyware.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ASO-DiskOptimizer.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ASO-RegistryCleaner.job
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ASO-SystemCleaner.job
[2010/11/13 16:16:06 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/19 14:31:23 | 000,000,450 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

ken545
2010-11-20, 01:08
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender\cdmyidd.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Administrator\AppData\LocalLow\CyberDefender
[2010/11/16 09:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia

:Services

:Reg

:Files
C:\Program Files (x86)\AskBarDis
C:\ProgramData\Trymedia


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

jim45682
2010-11-20, 03:27
fix log;

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named Program Files was found!
No active process named Program Files was found!
Service ASKUpgrade stopped successfully!
Service ASKUpgrade deleted successfully!
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe moved successfully.
Service ASKService stopped successfully!
Service ASKService deleted successfully!
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.
C:\Users\Administrator\AppData\LocalLow\CyberDefender folder moved successfully.
C:\ProgramData\Trymedia\licenses folder moved successfully.
C:\ProgramData\Trymedia\data folder moved successfully.
C:\ProgramData\Trymedia folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files (x86)\AskBarDis\bar\bin folder moved successfully.
C:\Program Files (x86)\AskBarDis\bar folder moved successfully.
C:\Program Files (x86)\AskBarDis folder moved successfully.
File\Folder C:\ProgramData\Trymedia not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 32064393 bytes
->Temporary Internet Files folder emptied: 54930630 bytes
->Java cache emptied: 517140580 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 76494 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 33042 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 36168 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34746 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 375294694 bytes

Total Files Cleaned = 934.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_200923

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\Rpcqt.dll moved successfully.
File move failed. C:\Windows\SysNative\uxtEA13.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\_avast5_\Webshlock.txt not found!
C:\Windows\temp\WebEx\Log\1113\atashost.log moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

jim45682
2010-11-20, 03:43
new OTL scan log

OTL logfile created on: 11/19/2010 8:28:20 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 96.60 Gb Free Space | 32.41% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft )
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdm_device) -- C:\Windows\SysNative\lxdmcoms.exe ( )
SRV:64bit: - (lxdmCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (lxdm_device) -- C:\Windows\SysWow64\lxdmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (p17filtx) -- C:\Windows\SysNative\drivers\p17filtx.sys (Sensaura)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 02:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/01 12:26:30 | 000,000,000 | ---D | M]

[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/17 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/30 07:22:48 | 000,678,400 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\ec09dff2-76c2-a0ba-debd-a8f37a2e17e0.dll
[2008/12/01 08:42:06 | 000,638,464 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010/11/19 20:17:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Tensons.Application.DownloadAcceleratorManager.BHO) - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (egreetings.com Toolbar) - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.DLL ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Video Library] C:\Users\ADMINI~1\AppData\Local\Temp\Rpcqt.DLL File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216013807322&h=d9ebd5547dc8cdf7a6c1ac80beaae205/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.atomicmods.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,192,464 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,063,204 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell\AutoRun\command - "" = J:\kochstart\kochstart.exe -- File not found
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell - "" = AutoRun
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell\AutoRun\command - "" = N:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (ettings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\O\Shell) - File not found
O34 - HKLM BootExecute: (nts2\N\S) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 20:09:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/19 20:07:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2010/11/19 14:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/13 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/13 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/11 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMP Tag Plus
[2010/11/11 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2010/11/11 03:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/11 03:07:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/09 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Fallout3
[2010/11/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/11/09 19:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/09 10:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraiins.dll
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraidco.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoPtb.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoIt.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFr.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEsm.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEs.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDe.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoSv.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoRu.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNo.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNl.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFi.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDa.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoENU.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEng.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoKo.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoJa.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZht.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZhc.dll
[2010/11/08 21:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 21:56:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 21:56:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/07 20:46:42 | 000,017,640 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\ROBoot64.exe
[2010/11/07 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/07 19:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/11/07 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/11/07 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2010/11/07 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/11/07 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/11/07 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/11/03 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSilver
[2010/11/03 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/11/03 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2010/11/02 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2010/11/02 22:07:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/02 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Ruler
[2010/10/31 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010/10/31 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/29 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/10/29 11:16:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Games
[2010/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sunbelt Software
[2010/10/29 10:50:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/29 01:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2010/10/29 00:14:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2010/10/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/10/29 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OsmosDemo
[2010/10/27 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (2)
[2010/10/27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2010/10/27 23:27:52 | 000,061,440 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proactive Information Corporation
[2010/10/27 23:25:44 | 000,000,000 | ---D | C] -- C:\Windows\3D Ocean Lite
[2010/10/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Butterfly
[2010/10/27 23:16:40 | 000,792,298 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bear Celebrates Free Screensaver
[2010/10/27 23:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FullScreensavers.com
[2010/10/27 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaversPlanet.com
[2010/10/27 23:07:22 | 001,057,280 | ---- | C] (7art-screensavers.com) -- C:\Windows\Moon Clock.scr
[2010/10/27 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7art
[2010/10/27 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2010/10/27 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/10/27 17:14:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/10/27 17:14:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/10/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/10/27 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/10/27 16:07:09 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/10/27 16:07:09 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/10/27 16:07:09 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/10/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/10/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/27 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/26 18:10:10 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 18:10:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 18:10:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 18:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 18:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 18:10:06 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/22 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2010/10/22 11:57:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/10/21 08:53:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/21 08:47:11 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/21 08:45:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/21 08:45:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/21 08:45:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/21 08:43:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2010/10/21 08:42:58 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/10/21 08:42:58 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2008/11/09 19:36:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
[2008/11/09 19:36:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
[2008/11/09 19:36:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
[2008/11/09 19:36:34 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
[2008/11/09 19:36:33 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
[2008/11/09 19:36:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
[2008/11/09 19:36:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
[2008/11/09 19:36:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
[2008/11/09 19:36:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
[2008/11/09 19:36:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

jim45682
2010-11-20, 03:44
========== Files - Modified Within 30 Days ==========

[2010/11/19 20:26:22 | 000,802,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/19 20:26:22 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/19 20:26:22 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/19 20:20:00 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/19 20:19:59 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/19 20:19:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/19 20:19:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/19 20:19:36 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 20:19:35 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 20:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/19 20:09:27 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/19 20:06:39 | 000,513,320 | ---- | M] () -- C:\Users\Administrator\Desktop\erunt.zip
[2010/11/19 19:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/19 17:54:03 | 000,000,598 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
[2010/11/19 14:49:43 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/19 14:48:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/19 14:31:23 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/16 09:55:01 | 000,000,769 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010/11/13 17:20:06 | 000,004,035 | ---- | M] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:26 | 000,002,575 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/11 16:12:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/11 16:12:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/11 16:12:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/11/11 16:12:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/10 08:55:29 | 000,001,085 | ---- | M] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/08 21:51:27 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/08 21:51:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/08 21:51:27 | 000,000,877 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/07 20:55:00 | 005,378,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 20:52:29 | 000,002,088 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/05 15:34:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 20:56:46 | 000,012,288 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 00:00:40 | 000,000,965 | ---- | M] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | M] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 11:08:29 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | M] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/10/29 11:30:40 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | M] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | M] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:36 | 000,000,130 | ---- | M] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:30:24 | 000,359,431 | ---- | M] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:16:40 | 000,792,298 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | M] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | M] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | M] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 15:55:07 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/10/24 12:11:02 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | M] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/19 20:06:38 | 000,513,320 | ---- | C] () -- C:\Users\Administrator\Desktop\erunt.zip
[2010/11/19 14:49:38 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/13 17:20:06 | 000,004,035 | ---- | C] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 16:52:58 | 000,000,744 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2010/11/13 16:34:11 | 000,002,575 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/13 12:21:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/13 12:20:28 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/13 12:19:55 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/13 12:18:44 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/11 03:29:32 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/10 08:55:29 | 000,001,085 | ---- | C] () -- C:\Users\Administrator\Desktop\FalloutLauncher - Shortcut.lnk
[2010/11/09 20:16:36 | 000,001,050 | ---- | C] () -- C:\Users\Administrator\Desktop\Fallout3 - Shortcut.lnk
[2010/11/09 19:28:16 | 000,028,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/09 19:28:10 | 000,033,634 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3install.txt
[2010/11/09 19:28:10 | 000,000,604 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3error.txt
[2010/11/07 20:46:42 | 000,002,088 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/07 19:11:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2010/11/07 19:11:46 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2010/11/07 19:11:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2010/11/07 19:11:46 | 000,000,877 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/04 00:00:40 | 000,000,965 | ---- | C] () -- C:\Users\Administrator\Desktop\X3 - Shortcut.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 00:45:09 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Space Empires V.lnk
[2010/11/02 22:09:55 | 000,000,859 | ---- | C] () -- C:\Users\Administrator\Desktop\Star Ruler.lnk
[2010/11/02 22:07:58 | 000,417,272 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI079C.txt
[2010/11/02 22:07:54 | 000,014,792 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI079C.txt
[2010/10/29 11:30:40 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\Desktop\2.lnk
[2010/10/29 10:50:53 | 000,001,073 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 10:50:53 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/29 01:59:55 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars CE.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/10/29 00:14:26 | 000,000,858 | ---- | C] () -- C:\Users\Administrator\Desktop\OsmosDemo.lnk
[2010/10/27 23:43:24 | 000,000,130 | ---- | C] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:39:54 | 003,446,272 | ---- | C] () -- C:\Windows\Light Driver 2.stg
[2010/10/27 23:39:54 | 000,794,624 | ---- | C] () -- C:\Windows\Light Driver 2.scr
[2010/10/27 23:39:54 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/10/27 23:30:25 | 000,359,431 | ---- | C] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:27:52 | 000,474,431 | ---- | C] () -- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
[2010/10/27 23:25:45 | 000,000,081 | ---- | C] () -- C:\Windows\3d-ocean-homepage.url
[2010/10/27 23:25:44 | 001,719,808 | ---- | C] () -- C:\Windows\Fantastic Ocean 3D Lite.scr
[2010/10/27 23:15:13 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\bearfree.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/27 17:14:17 | 000,002,328 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Configuration.lnk
[2010/10/27 17:14:17 | 000,002,323 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled.lnk
[2010/10/27 17:14:17 | 000,001,150 | ---- | C] () -- C:\Users\Administrator\Desktop\Supersonic Sled Replays.lnk
[2010/10/27 16:56:24 | 000,000,913 | ---- | C] () -- C:\Users\Administrator\Desktop\EVGA Precision.lnk
[2010/10/27 16:29:18 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/27 16:29:17 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/27 16:01:23 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/24 12:11:02 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/24 12:11:02 | 000,002,009 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:20:13 | 000,000,964 | ---- | C] () -- C:\Users\Administrator\Desktop\CaesarIV - Shortcut.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/22 14:04:24 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\Play Caesar IV!.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 08:26:30 | 000,367,906 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7843.txt
[2010/10/13 08:26:29 | 000,012,210 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7843.txt
[2010/06/23 11:10:13 | 000,374,670 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46AF.txt
[2010/06/23 11:10:13 | 000,011,426 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46AF.txt
[2010/05/13 23:52:07 | 000,003,072 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\HFO27 Pref
[2010/05/13 23:52:05 | 000,000,035 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\hfo26id
[2010/03/03 22:51:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 13:48:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/26 04:58:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/26 04:57:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 23:04:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/24 22:10:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/04/26 21:04:25 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\install_log.dat
[2009/04/25 23:08:54 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/02/13 10:59:25 | 000,000,077 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/11/26 20:16:36 | 002,783,026 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI3889.txt
[2008/11/26 20:14:36 | 000,199,947 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/26 20:14:32 | 000,175,458 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2008/11/26 20:14:32 | 000,005,902 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2008/11/26 20:14:32 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/11/09 19:36:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
[2008/11/09 19:36:35 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
[2008/10/25 13:17:57 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 16:20:55 | 000,000,616 | ---- | C] () -- C:\Windows\SysWow64\Warlords4Editor.ini
[2008/06/02 17:23:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/07 14:22:05 | 000,012,288 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 22:24:57 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/04/23 22:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/04/23 22:05:51 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/04/23 18:28:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/04/23 17:47:24 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\Ludap17.ini
[2008/04/23 17:38:28 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 15:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/03/17 18:11:56 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\P17.DLL
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2003/10/02 20:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EDED3240
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68B61847
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE459B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C5A503E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3F2F06F2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5D2892D9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA60673F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CC2686CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F036C20D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:96CC3FEF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8160BC44
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B894C266

< End of report >

jim45682
2010-11-20, 03:52
After the Run Fix reboot, 2 error windows opened. One says: Error loading C:\Users\ADMINI~1\AppData\Local\Temp\Rpcqt.dll The specified module could not be found

The second one was: One of the core components of WMP Tag Plus is missing or failed to load properly Try reinstalling WMP Tag Plus and contact the author if the problem persists.

Flash updated and also Ad-Aware updated.

jim45682
2010-11-20, 03:55
Also, Internet Explorer is running really, really slow loading pages after the fix, and my startup seems slow. If you could look into my startup and make sure there isn't anything starting that's not needed, that would be great. Thanks.

Jim

ken545
2010-11-20, 11:42
Hi,

WMP Tag Plus is a plug-in for Windows Media Player, and I don't see it removed during the fix. If the error does not go away, we just need to reinstall it.

We removed a lot of temp files; sometimes it takes a reboot or two to get you back up to speed.

This should fix the Rpcqt.DLL error:
Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Video Library] C:\Users\ADMINI~1\AppData\Local\Temp\Rpcqt.DLL File not found

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot when it is done.
Then post the results of the log.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

jim45682
2010-11-20, 20:05
OTL fix log:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3694140 bytes
->Temporary Internet Files folder emptied: 39279750 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2008 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 36168 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5150 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 309545 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11202010_125133

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\uxtEA13.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\_avast5_\Webshlock.txt not found!
C:\Windows\temp\WebEx\Log\1119\atashost.log moved successfully.

Registry entries deleted on Reboot...

jim45682
2010-11-20, 20:06
mbam log;

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5157

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/20/2010 12:49:45 PM
mbam-log-2010-11-20 (12-49-45).txt

Scan type: Quick scan
Objects scanned: 160383
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\video library (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\vxgl17515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\components\ec09dff2-76c2-a0ba-debd-a8f37a2e17e0.dll (Adware.Yoog) -> Quarantined and deleted successfully.
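
A triage check over the two logs posted above, as an added example that is not part of the original thread: it parses the Malwarebytes' log, verifies that the summary counts match the itemized detections, picks out the autostart entries, and checks whether the Run value that the OTL fix reported as "not found" was one Malwarebytes had removed. The function names are hypothetical, and the embedded log is a shortened copy of the one above with the Registry Keys count adjusted to match.

```python
import re
from collections import Counter

# Shortened copy of the Malwarebytes' log posted above: the "Registry Keys" list is cut
# from 13 entries to 3 and its summary count is adjusted to match (constructed sample).
SAMPLE_MBAM_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\video library (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\vxgl17515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\components\ec09dff2-76c2-a0ba-debd-a8f37a2e17e0.dll (Adware.Yoog) -> Quarantined and deleted successfully.
"""

# Line copied from the OTL fix log posted above.
SAMPLE_OTL_LINE = r"Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library not found."

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Greedy object match: paths may themselves contain "(x86)" or "(default)".
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
OTL_RE = re.compile(r"^Registry value (?P<value>.+) not found\.$")

CLEAN_ACTION = "Quarantined and deleted successfully"
# Locations that start code at logon or boot; hits here are the persistence entries.
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\currentcontrolset\\services\\")


def norm(path):
    """Lower-case a registry or file path and collapse doubled backslashes."""
    return re.sub(r"\\+", r"\\", path).lower()


def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from a log in the format above."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"category": section, "object": m["obj"],
                          "threat": m["threat"], "action": m["action"]})
    return summary, items


def count_mismatches(summary, items):
    """Categories whose declared count differs from the listed items (truncated paste?)."""
    listed = Counter(i["category"] for i in items)
    return {c: (n, listed[c]) for c, n in summary.items() if n != listed[c]}


def needs_follow_up(items):
    """Items whose action is anything other than a clean quarantine-and-delete."""
    return [i for i in items if i["action"] != CLEAN_ACTION]


def autostart_items(items):
    """Detections that sat in a Run key or a service entry."""
    return [i for i in items if any(k in norm(i["object"]) for k in AUTOSTART_MARKERS)]


def explained_by_mbam(otl_line, items):
    """If OTL reports a registry value as not found, return the MBAM item that removed it."""
    m = OTL_RE.match(otl_line.strip())
    if not m:
        return None
    wanted = norm(m["value"])
    return next((i for i in items if norm(i["object"]) == wanted), None)


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    print("by threat:", dict(Counter(i["threat"] for i in items)))
    print("follow-up needed:", needs_follow_up(items))
    for i in autostart_items(items):
        print("autostart:", i["object"], "->", i["threat"])
    print("OTL 'not found' explained by:", explained_by_mbam(SAMPLE_OTL_LINE, items))
```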

ken545
2010-11-21, 00:40
Go ahead and post a new OTL log, no need for the extras log this time.

jim45682
2010-11-21, 01:25
new OTL scan log

OTL logfile created on: 11/20/2010 6:15:51 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 101.87 Gb Free Space | 34.17% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdm_device) -- C:\Windows\SysNative\lxdmcoms.exe ( )
SRV:64bit: - (lxdmCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (lxdm_device) -- C:\Windows\SysWow64\lxdmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (p17filtx) -- C:\Windows\SysNative\drivers\p17filtx.sys (Sensaura)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 02:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/01 12:26:30 | 000,000,000 | ---D | M]

[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/17 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/01 08:42:06 | 000,638,464 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010/11/19 20:17:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Tensons.Application.DownloadAcceleratorManager.BHO) - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.DLL ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216013807322&h=d9ebd5547dc8cdf7a6c1ac80beaae205/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.atomicmods.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

jim45682
2010-11-21, 01:26
/04/16 22:33:31 | 000,192,464 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,063,204 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell\AutoRun\command - "" = J:\kochstart\kochstart.exe -- File not found
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell - "" = AutoRun
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell\AutoRun\command - "" = N:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (ettings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\O\Shell) - File not found
O34 - HKLM BootExecute: (nts2\N\S) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 14:19:42 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup44.exe
[2010/11/20 12:42:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/19 20:09:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/19 20:07:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2010/11/19 14:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/13 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/13 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/11 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMP Tag Plus
[2010/11/11 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2010/11/11 03:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/11 03:07:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/09 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Fallout3
[2010/11/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/11/09 19:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/09 10:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraiins.dll
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraidco.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoPtb.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoIt.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFr.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEsm.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEs.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDe.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoSv.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoRu.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNo.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNl.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFi.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDa.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoENU.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEng.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoKo.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoJa.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZht.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZhc.dll
[2010/11/08 21:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 21:56:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 21:56:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/07 20:46:42 | 000,017,640 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\ROBoot64.exe
[2010/11/07 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/07 19:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/11/07 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/11/07 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2010/11/07 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/11/07 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/11/07 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/11/03 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSilver
[2010/11/03 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/11/03 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2010/11/02 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2010/11/02 22:07:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/02 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Ruler
[2010/10/31 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010/10/31 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/29 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/10/29 11:16:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Games
[2010/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sunbelt Software
[2010/10/29 10:50:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/29 01:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2010/10/29 00:14:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2010/10/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/10/29 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OsmosDemo
[2010/10/27 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\wallpapers and junk
[2010/10/27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2010/10/27 23:27:52 | 000,061,440 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proactive Information Corporation
[2010/10/27 23:25:44 | 000,000,000 | ---D | C] -- C:\Windows\3D Ocean Lite
[2010/10/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Butterfly
[2010/10/27 23:16:40 | 000,792,298 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bear Celebrates Free Screensaver
[2010/10/27 23:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FullScreensavers.com
[2010/10/27 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaversPlanet.com
[2010/10/27 23:07:22 | 001,057,280 | ---- | C] (7art-screensavers.com) -- C:\Windows\Moon Clock.scr
[2010/10/27 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7art
[2010/10/27 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2010/10/27 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/10/27 17:14:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/10/27 17:14:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/10/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/10/27 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/10/27 16:07:09 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/10/27 16:07:09 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/10/27 16:07:09 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/10/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/10/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/27 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/26 18:10:10 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 18:10:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 18:10:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 18:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 18:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 18:10:06 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/22 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2010/10/22 11:57:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2008/11/09 19:36:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
[2008/11/09 19:36:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
[2008/11/09 19:36:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
[2008/11/09 19:36:34 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
[2008/11/09 19:36:33 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
[2008/11/09 19:36:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
[2008/11/09 19:36:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
[2008/11/09 19:36:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
[2008/11/09 19:36:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
[2008/11/09 19:36:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 18:16:35 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/20 18:16:35 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/20 18:16:34 | 000,802,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/20 18:13:59 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 18:13:06 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/20 18:13:05 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/20 18:09:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 18:09:12 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:09:11 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/20 18:01:43 | 000,000,328 | ---- | M] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat
[2010/11/20 17:54:00 | 000,000,598 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
[2010/11/20 17:48:43 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job
[2010/11/20 17:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/20 14:19:52 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup44.exe
[2010/11/20 04:52:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/19 14:49:43 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/19 14:48:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/16 09:55:01 | 000,000,769 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010/11/13 17:20:06 | 000,004,035 | ---- | M] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/11 16:12:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/11 16:12:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/11 16:12:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/11/11 16:12:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/08 21:51:27 | 000,000,877 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/07 20:55:00 | 005,378,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 20:52:29 | 000,002,088 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/05 15:34:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 20:56:46 | 000,012,288 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 00:00:13 | 000,000,124 | ---- | M] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 11:08:29 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/10/29 10:50:53 | 000,001,073 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | M] () -- C:\Windows\vtmb.ini
[2010/10/27 23:43:36 | 000,000,130 | ---- | M] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:30:24 | 000,359,431 | ---- | M] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:16:40 | 000,792,298 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | M] () -- C:\Windows\unins000.dat
[2010/10/27 15:55:07 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/10/24 12:11:02 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 18:13:52 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 18:01:43 | 000,000,328 | ---- | C] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat
[2010/11/19 14:49:38 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/13 17:20:06 | 000,004,035 | ---- | C] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 12:21:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/13 12:20:28 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/13 12:19:55 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/13 12:18:44 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/09 19:28:16 | 000,028,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/09 19:28:10 | 000,033,634 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3install.txt
[2010/11/09 19:28:10 | 000,000,604 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3error.txt
[2010/11/07 20:46:42 | 000,002,088 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/07 19:11:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2010/11/07 19:11:46 | 000,000,877 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/02 22:07:58 | 000,417,272 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI079C.txt
[2010/11/02 22:07:54 | 000,014,792 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI079C.txt
[2010/10/29 10:50:53 | 000,001,073 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/10/27 23:43:24 | 000,000,130 | ---- | C] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:39:54 | 003,446,272 | ---- | C] () -- C:\Windows\Light Driver 2.stg
[2010/10/27 23:39:54 | 000,794,624 | ---- | C] () -- C:\Windows\Light Driver 2.scr
[2010/10/27 23:39:54 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/10/27 23:30:25 | 000,359,431 | ---- | C] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:27:52 | 000,474,431 | ---- | C] () -- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
[2010/10/27 23:25:45 | 000,000,081 | ---- | C] () -- C:\Windows\3d-ocean-homepage.url
[2010/10/27 23:25:44 | 001,719,808 | ---- | C] () -- C:\Windows\Fantastic Ocean 3D Lite.scr
[2010/10/27 23:15:13 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\bearfree.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/27 16:29:18 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/27 16:29:17 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/27 16:01:23 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/24 12:11:02 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/24 12:11:02 | 000,002,009 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 08:26:30 | 000,367,906 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7843.txt
[2010/10/13 08:26:29 | 000,012,210 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7843.txt
[2010/06/23 11:10:13 | 000,374,670 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46AF.txt
[2010/06/23 11:10:13 | 000,011,426 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46AF.txt
[2010/05/13 23:52:07 | 000,003,072 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\HFO27 Pref
[2010/05/13 23:52:05 | 000,000,035 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\hfo26id
[2010/03/03 22:51:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 13:48:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/26 04:58:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/26 04:57:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 23:04:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/24 22:10:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/04/26 21:04:25 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\install_log.dat
[2009/02/13 10:59:25 | 000,000,077 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/11/26 20:16:36 | 002,783,026 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI3889.txt
[2008/11/26 20:14:36 | 000,199,947 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/26 20:14:32 | 000,175,458 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2008/11/26 20:14:32 | 000,005,902 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2008/11/26 20:14:32 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/11/09 19:36:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
[2008/11/09 19:36:35 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
[2008/10/25 13:17:57 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 16:20:55 | 000,000,616 | ---- | C] () -- C:\Windows\SysWow64\Warlords4Editor.ini
[2008/06/02 17:23:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/07 14:22:05 | 000,012,288 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 22:24:57 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/04/23 22:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/04/23 22:05:51 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/04/23 18:28:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/04/23 17:47:24 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\Ludap17.ini
[2008/04/23 17:38:28 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 15:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/03/17 18:11:56 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\P17.DLL
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2003/10/02 20:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.DLL

========== Alternate Data Streams ==========


< End of report >

ken545
2010-11-21, 02:26
:bigthumb:

How are things running now?

jim45682
2010-11-21, 03:07
Seems to be running smoothly, think the system is clear and safe?

ken545
2010-11-21, 12:39
Yep, looks good. OTL didn't find the item to remove because Malwarebytes did and removed it.


You can open OTL and click on the cleanup feature and it will remove a lot of the not needed tools we used to clean your system along with their backups.

Malwarebytes is the free version and yours to keep.


How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Safe Surfn
Ken

jim45682
2010-11-21, 20:28
Ok thanks for your help Ken

ken545
2010-11-21, 21:22
You're very welcome

Ken :)

ken545
2010-11-26, 15:16
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.