
Thread: Unable to launch any exe

  1. #1
    Member
    Join Date
    Sep 2007
    Posts
    42

    Unable to launch any exe

    Hi,

    I feel that my computer has been infected. I am not sure how it entered and I guess it might be through some of the torrent downloads which I made. I have removed the P2P application now. Whenever I try to launch any exe (even Task Manager) I get an error message saying that "The exe is infected. Do you want to launch antivirus software now. Yes ? No? " Also I get a system tray balloon which says that my computer is at risk and I need to run an antivirus scan. This is not the usual Windows security alert (from Microsoft) but it has been designed to look similar to the Windows security alert. The only way I could run DDS was to kill this process jfksvaushdw.exe. I launch Task Manager immediately after logging in to my system and I kill this process. Then I don't get that alert. I have posted the DDS.txt log here but this was run only after killing the jfksvaushdw.exe process through Task Manager. Please advise.
    ___________________________________________________________

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Owner at 4:44:46.96 on Tue 08/24/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2396 [GMT 5.5:30]

    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe
    C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\PROGRA~2\AVG\AVG8\avgemc.exe
    C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Users\Owner\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uWindow Title = Internet Explorer by Shankar
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: Search USA Toolbar: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - c:\program files (x86)\search_usa\tbSear.dll
    mURLSearchHooks: Search USA Toolbar: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - c:\program files (x86)\search_usa\tbSear.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: MRI_DISABLED - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files (x86)\flashget\jccatch.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
    BHO: Search USA Toolbar: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - c:\program files (x86)\search_usa\tbSear.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files (x86)\flashget\getflash.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
    TB: Search USA Toolbar: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - c:\program files (x86)\search_usa\tbSear.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [googletalk] c:\users\owner\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [newreleaseversion70700.exe] c:\users\owner\appdata\roaming\ab7b4b82bb5928e695df8135fc0dfbc0\newreleaseversion70700.exe
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    uRun: [oyqvdjwe] c:\users\owner\appdata\roaming\jweokhpct\jfksvaushdw.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\owner\appdata\roaming\ab7b4b82bb5928e695df8135fc0dfbc0\newreleaseversion70700.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\mri_di~1\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download All with FlashGet - c:\program files (x86)\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\program files (x86)\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files (x86)\fiddler2\Fiddler.exe"
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files (x86)\flashget\FlashGet.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    Trusted Zone: tcs.com\inchnm02
    Trusted Zone: ultimatix.net\icalms
    Trusted Zone: ultimatix.net\knowmax
    Trusted Zone: ultimatix.net\www
    Trusted Zone: ultimatix.net\www.ultimatix.net
    Trusted Zone: ultimatix.org\apps
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inchnm02.tcs.com/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
    mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    AppInit_DLLs-X64: avgrssta.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\vgwb14vb.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-1-15 55856]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-4-15 427016]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-4-15 33416]
    R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-4-15 133640]
    R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2010-1-5 270272]
    R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2010-1-5 80320]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-10-3 192528]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_d14bcbef\AESTSr64.exe [2009-1-15 86016]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\avg\avg8\avgemc.exe [2009-6-25 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-7 1153368]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-10-3 42000]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-10-3 277008]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-1-15 168864]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-1-15 307456]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2009-1-15 392192]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
    S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-9-15 587696]
    S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-9-15 854280]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-7-9 48640]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-08-22 22:19:52 0 d-----w- c:\users\owner\appdata\roaming\jweokhpct
    2010-08-22 20:54:54 0 d-----w- c:\windows\syswow64\Adobe
    2010-08-10 21:31:53 0 d-sh--w- c:\windows\syswow64\%APPDATA%
    2010-08-10 21:17:08 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-10 21:17:04 453120 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-10 21:17:02 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-07 08:34:54 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-07 08:34:53 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-08-04 18:58:27 0 d-----w- c:\users\owner\appdata\roaming\AB7B4B82BB5928E695DF8135FC0DFBC0
    2010-08-02 18:46:33 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-08-01 09:53:52 0 d-----w- c:\program files\DivX
    2010-08-01 09:52:56 0 d-----w- c:\program files (x86)\common files\DivX Shared
    2010-08-01 09:48:11 0 d-----w- c:\program files (x86)\DivX
    2010-08-01 09:47:14 0 d-----w- c:\programdata\DivX
    2010-07-31 18:16:10 294912 ----a-w- c:\windows\system32\browserchoice.exe

    ==================== Find3M ====================

    2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:48:21 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 17:31:29 36864 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-06-15 12:57:00 382256 ----a-w- c:\windows\system32\HMIPCore64.dll
    2010-06-15 12:57:00 282928 ----a-w- c:\windows\syswow64\HMIPCore.dll
    2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
    2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
    2010-06-08 18:00:36 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
    2010-05-27 20:08:17 81920 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-04-01 02:45:21 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-04-01 02:45:21 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-04-01 02:45:20 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-04-01 02:45:20 143360 ----a-w- c:\windows\inf\infstrng.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-01-15 04:43:00 75 --sh--r- c:\windows\CT4CET.bin
    2009-10-26 02:21:38 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-17 14:51:11 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-10-17 14:51:11 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-10-17 14:51:11 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2009-01-15 05:33:15 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 4:48:24.47 ===============

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Copy and paste the following contents into the custom scan area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\0*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\System32\Wbem\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


    Please download MBRCheck to your desktop.

    1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
    2. It will open a black window, please do not fix anything (if it gives you an option).
    3. Exit that window and it will produce a log (MBRCheck_date_time).
    4. Please post that log in your reply.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default OTL Log 1 - OTL.txt

    Below is the OTL.txt file. Just to keep you informed: I have unchecked the startup program 'Antimalware doctor' and I don't get the 'exe is infected' message. I haven't removed it, but just unchecked it from startup.
    -----------------------------
    OTL logfile created on: 8/29/2010 1:45:29 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 179.16 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
    SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
    DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
    DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
    DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
    DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
    FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
    FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 18:41:21 | 000,000,000 | ---D | M]

    [2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
    [2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
    [2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/28 03:04:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
    [2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
    [2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
    [2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
    [2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
    [2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
    [2010/04/20 07:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 14358 more lines...
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

  4. #4
    Member
    Join Date
    Sep 2007
    Posts
    42

    OTL Log 2 - OTL.txt

    **Continuation of the OTL.txt file**

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
    [2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
    [2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/08/23 03:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\jweokhpct
    [2010/08/23 03:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\jweokhpct
    [2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/08/05 00:28:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0
    [2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
    [2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/07/31 23:46:10 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/29 01:45:32 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
    [2010/08/29 01:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
    [2010/08/29 00:14:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 00:14:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 00:14:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/29 00:14:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/29 00:14:01 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/28 19:33:52 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/28 19:33:52 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/08/28 18:22:41 | 064,032,736 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/08/27 06:12:22 | 003,764,518 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
    [2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/23 10:34:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
    [2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/05 00:29:29 | 000,001,141 | ---- | M] () -- C:\Users\Owner\Desktop\Antimalware Doctor.lnk
    [2010/08/05 00:29:29 | 000,001,121 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/07/31 22:31:39 | 000,788,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/07/31 22:31:39 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/07/31 22:31:39 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
    [2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/05 00:29:29 | 000,001,141 | ---- | C] () -- C:\Users\Owner\Desktop\Antimalware Doctor.lnk
    [2010/08/05 00:29:29 | 000,001,121 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
    [2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
    [2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
    [2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
    [2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
    [2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
    [2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
    [2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
    [2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
    [2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
    [2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
    [2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
    [2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
    [2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
    [2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
    [2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
    [2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
    [2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
    [2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
    [2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
    [2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
    [2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
    [2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
    [2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
    [2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
    [2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/09/15 07:57:57 | 000,798,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
    [2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
    [2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
    [2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
    [2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
    [2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
    [2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
    [2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
    [2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
    [2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
    [2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
    [2009/08/05 09:32:29 | 000,476,672 | ---- | C] () -- C:\Users\Owner\AppData\Local\7za.exe
    [2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
    [2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
    [2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
    [2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
    [2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
    [2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
    [2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 12:06:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/06/24 15:52:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2009/01/15 11:37:16 | 000,003,295 | RH-- | M] () -- C:\dell.sdr
    [2010/08/29 00:14:01 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 11:07:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/08/29 00:13:59 | 274,145,279 | -HS- | M] () -- C:\pagefile.sys
    [2009/02/09 03:51:49 | 000,000,000 | ---- | M] () -- C:\Updates.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 20:36:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 20:36:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 20:36:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/03/30 06:57:51 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 03:05:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/10/02 09:38:17 | 000,225,280 | ---- | M] (TODO: <Company name>) -- C:\Users\Owner\AppData\Roaming\Microsoft\AdjMmsVista.dll

    < %PROGRAMFILES%\*.* >
    [2008/01/21 08:51:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/23 21:20:44 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2009/05/22 10:26:20 | 001,297,713 | ---- | M] (BSE India Ltd. ) -- C:\Users\Owner\Desktop\bsemktwatch.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/03/30 07:25:11 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/03/30 07:24:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/03/30 07:24:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/03/30 07:24:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/03/30 07:24:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/03/30 07:24:41 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/02/09 03:25:08 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
    [2010/05/09 20:54:59 | 000,000,232 | ---- | M] () -- C:\Users\Owner\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\System32\Wbem\*.* >
    [2006/09/19 02:56:19 | 000,001,097 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
    [2008/01/21 08:20:36 | 000,004,352 | ---- | M] () -- C:\Windows\SysWOW64\wbem\audiocore.mof
    [2006/09/19 03:05:02 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
    [2008/01/21 08:19:33 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
    [2006/11/02 20:34:41 | 000,002,995 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
    [2006/11/02 11:57:38 | 000,029,290 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
    [2006/11/02 11:57:38 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
    [2006/09/19 03:12:48 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
    [2006/09/19 03:12:50 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
    [2008/01/21 08:19:19 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
    [2006/09/19 03:15:56 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
    [2006/09/19 03:10:27 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
    [2009/04/11 11:58:19 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
    [2009/04/11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
    [2006/09/19 03:16:01 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
    [2008/01/21 08:17:52 | 000,000,705 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdwcn.mof
    [2006/09/19 03:08:53 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
    [2006/09/19 03:16:02 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
    [2006/09/19 03:05:44 | 000,001,100 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Firewall.mof
    [2006/09/19 03:06:01 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
    [2006/09/19 03:08:51 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
    [2006/09/19 03:05:54 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
    [2008/01/21 08:19:19 | 000,240,536 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
    [2009/02/19 00:08:41 | 000,032,198 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
    [2006/09/19 03:01:55 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
    [2006/09/19 03:01:55 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
    [2006/11/02 20:32:34 | 000,002,263 | ---- | M] () -- C:\Windows\SysWOW64\wbem\InkObj.mof
    [2006/09/19 03:05:37 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
    [2006/11/02 12:05:19 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
    [2006/11/02 12:05:18 | 000,111,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
    [2006/11/02 12:05:20 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
    [2006/11/02 12:05:21 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
    [2006/11/02 20:32:33 | 000,002,287 | ---- | M] () -- C:\Windows\SysWOW64\wbem\journal.mof
    [2006/09/19 03:09:25 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
    [2006/09/19 03:02:48 | 000,001,367 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
    [2008/01/21 08:19:35 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
    [2008/01/21 08:19:02 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
    [2006/09/19 02:56:23 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
    [2008/01/21 08:18:12 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
    [2009/04/11 11:58:20 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
    [2006/09/19 03:05:23 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
    [2006/09/19 03:05:54 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
    [2006/09/19 03:08:01 | 000,001,876 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
    [2006/09/19 03:08:01 | 000,001,938 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
    [2006/09/19 03:01:59 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
    [2006/09/19 02:58:06 | 000,001,110 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
    [2006/09/19 02:57:27 | 000,001,967 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
    [2006/09/19 03:09:39 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
    [2006/11/02 20:34:30 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
    [2006/09/19 03:06:02 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
    [2006/09/19 02:58:21 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
    [2006/09/19 03:06:03 | 000,001,306 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ndishc.mof
    [2006/09/19 03:08:14 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
    [2006/09/19 02:59:57 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
    [2006/09/19 03:00:03 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
    [2006/09/19 03:15:56 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
    [2006/09/19 03:08:28 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
    [2008/01/21 08:18:28 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
    [2006/09/19 03:05:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
    [2008/01/21 08:18:10 | 000,002,952 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
    [2006/11/02 20:33:53 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
    [2006/11/02 20:33:54 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
    [2006/11/02 20:33:54 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
    [2006/09/19 03:15:56 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
    [2006/09/19 03:05:35 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
    [2009/06/09 01:52:20 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
    [2009/06/09 01:52:20 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
    [2009/06/09 01:52:20 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
    [2009/06/09 01:52:21 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
    [2006/11/02 20:34:31 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
    [2006/11/02 20:34:31 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
    [2006/09/19 03:04:46 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
    [2006/09/19 03:09:30 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
    [2006/09/19 03:00:56 | 000,001,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
    [2006/11/02 12:45:20 | 000,111,686 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
    [2006/09/19 03:16:10 | 000,001,688 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManager.mof
    [2006/09/19 03:16:10 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManagerUninstall.mof
    [2008/01/21 08:19:48 | 000,061,288 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
    [2006/09/19 03:11:58 | 000,001,241 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sapi.mof
    [2006/09/19 03:11:24 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
    [2006/09/19 03:09:53 | 000,001,064 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
    [2006/09/19 03:07:09 | 000,002,250 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
    [2010/06/12 18:09:44 | 000,084,985 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
    [2006/11/02 20:36:41 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
    [2006/09/19 03:16:11 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\services.mof
    [2006/09/19 03:15:57 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
    [2006/11/02 20:31:40 | 000,016,973 | ---- | M] () -- C:\Windows\SysWOW64\wbem\speechux.mof
    [2006/11/02 20:31:40 | 000,001,229 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sptip.mof

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    < End of report >

  5. #5
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default OTL Log - Extras.txt

    OTL Extras logfile created on: 8/29/2010 1:45:29 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 179.16 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 47 41 EC EF AB CF CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1BEEEB1F-554F-4024-BF64-D37EB55B9EFD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1F3DCCA0-CDF2-4948-A747-0A7E686C288B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{20D9941D-A3BE-42F6-8342-6E834D01099C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{22B3EA8A-F919-4C8A-9E2F-9335A9264505}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{37D9D8DF-ECFF-491B-A1BB-CC61C2183369}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4214EC03-9469-4D0F-815A-EC9B6D3ADCA0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4B738CCD-E4BB-4EA4-A757-52EF6A15A288}" = rport=138 | protocol=17 | dir=out | app=system |
    "{534080B5-1A02-4BCA-9744-1FFE4A48CB56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{53775669-74DB-47BC-9FB7-9E4E9E1A966C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{55976E49-D0A7-4CCF-988E-883BC229D3CF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{836A7F55-9C23-498C-A06F-46C2DD80C81A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CCE74B7A-5846-46B6-9E2B-7E351CB2FE52}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D5ACEB9E-9F05-40F1-ADA9-1380E09B455F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D6E37FA7-50C1-4498-BE70-7884757B0AB7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DEA1346D-BC99-456A-8DBA-7C2CA455582C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E611CA33-DC67-4D90-8EAE-D2B95EEAF452}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F03C6233-A7D3-457E-A53E-2135DD9DA9E4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003A8019-D94C-43C9-A4F1-6F6F340439D3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{0D4CA510-259A-473A-B8E8-651FECBF2687}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{0E3A919C-B260-4918-A5F0-90D98D3AC646}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1279A9B9-9727-4AE2-9C2F-56D242F76016}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{3358730E-F93A-4AD5-8A2D-9C81FBDE3FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3C2EAE9E-7F65-42A4-8324-26091ED2DDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{432644BC-E0BD-4F9B-A0A6-F4F461555E90}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{4908DB88-E350-427C-90D2-99DCBAA28D5D}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
    "{580D349E-ADF9-48DA-B933-25359FE91B11}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{5C8AB632-FF29-47D0-AB1D-2FCACE6CC146}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{818B7451-5E04-496B-9156-0D3ABADF5C06}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{8280B170-FF4D-47A4-9060-E600B781091B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9DF2DE02-C3CC-40D7-8B42-D8C6A88560CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A083348C-0324-4EFD-B369-77167C12E476}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{B951FCC4-2E3F-49AA-994E-E1A006BE5937}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{C4EE78F1-518E-47A4-9A50-CF18A231EBA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CC09D534-C5E8-44F0-AEDB-67B861F1E3F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D06D3C97-B722-434C-BA63-69543EBE8F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{D2626BD1-5C5F-43CA-AC8B-023AB5092483}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D341517A-594F-49EA-91F3-B39894EF9B75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D56C4CA3-93A3-4F2C-A97F-D22044B8377A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E034D09C-00A5-431B-A496-E93DBD4F9520}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
    "{E24A0F13-823A-4B0C-9983-AFDF9A5E26AD}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
    "{FBD11A79-EC83-470B-B2E8-705123D1FB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "TCP Query User{01FB05BD-817B-46AA-96B6-14B8D814F942}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "TCP Query User{15F6E696-80D1-4648-A6F8-3432CE26F0CD}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{229126AB-F4D0-4E89-978C-B971CC7D6CBD}C:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe |
    "TCP Query User{2FE849BD-5482-42D1-A0E4-7C4F93B9CC63}C:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe |
    "TCP Query User{407726F3-5C5D-4BDF-93FE-5871FC24A6FB}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "TCP Query User{6FA83816-745E-4EDE-BC76-F16BF6362046}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{92B5D677-1958-4DA8-BA5E-E5CCB6ED868B}C:\program files (x86)\ipmsg\ipmsg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipmsg\ipmsg.exe |
    "TCP Query User{CF14EF04-202B-4336-98D5-98CA055985A7}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
    "TCP Query User{D29A7B38-4817-4074-92D0-4C1622ED516D}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
    "TCP Query User{DE3F2A5F-7206-4FE0-82A3-8C0C65A493D7}C:\program files (x86)\ipmsg\ipmsg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipmsg\ipmsg.exe |
    "TCP Query User{ED567F01-7D4E-497D-9F25-C42E5A318E57}C:\program files (x86)\eltima software\swf & flv player\swf_player.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eltima software\swf & flv player\swf_player.exe |
    "TCP Query User{F861857C-2F26-455D-AB06-2133C0348EBF}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "UDP Query User{082824F5-1F2B-4AB4-B09B-9DF36525E5B2}C:\program files (x86)\eltima software\swf & flv player\swf_player.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eltima software\swf & flv player\swf_player.exe |
    "UDP Query User{2DB23915-CA56-42C6-A2F0-4CB3DC8F3278}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "UDP Query User{2F44636E-83A2-4652-8FB9-288BDA2A4B83}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
    "UDP Query User{32136354-B26C-47C9-9DB6-443856B02260}C:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe |
    "UDP Query User{3A61224B-0ECA-4683-83D2-9837936CE191}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{4B73C1BF-268A-4A19-9D46-0AC6BBC0F1EC}C:\program files (x86)\ipmsg\ipmsg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipmsg\ipmsg.exe |
    "UDP Query User{6AAC529A-F43B-4E9C-8527-7995E29E8D2F}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{71866373-FED0-416C-98A2-6FACB61E6DE4}C:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\lotus\sametime connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe |
    "UDP Query User{B2AE2A7C-576F-4324-AB24-C10079444BD6}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "UDP Query User{E4D39CDF-9151-493F-8E4E-53B4FD4A4BCB}C:\program files (x86)\ipmsg\ipmsg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipmsg\ipmsg.exe |
    "UDP Query User{F9D632B4-B396-4B3E-A25F-2701DD6D6C79}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "UDP Query User{FB192D8D-00E2-4287-A551-F87130801E6E}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
    "{5BFB956C-3AB9-492A-9E91-5D8C87DCC599}" = Paint.NET v3.5.1
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B6901D72-1BF0-30FB-B9BC-B6DC1266E0F4}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
    "Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{499FE018-C367-4B1F-A1DE-D6CA7987059A}_is1" = BSE Mkt Watch 1.0.0.8
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{533557D5-E468-4F96-BD95-C81D0A2A8181}" = IBM Lotus Sametime Connect 8.0.1
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Audacity_is1" = Audacity 1.2.6
    "AVG8Uninstall" = AVG 8.5
    "Blaze Media Pro" = Blaze Media Pro
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat (remove only)
    "Dell Webcam Central" = Dell Webcam Central
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Fiddler2" = Fiddler2
    "FlashGet" = FlashGet 1.9.6.1073
    "FLV Player" = FLV Player 2.0 (build 25)
    "IPMSG for Win32" = IP Messenger for Win
    "IsoBuster_is1" = IsoBuster 2.6
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "McAfee Security Scan" = McAfee Security Scan
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "MixPad" = MixPad Audio Mixer
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "ReCycle Demo_is1" = ReCycle Demo 2.1.2
    "Search_USA Toolbar" = Search_USA Toolbar
    "SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
    "ToneGen" = NCH Tone Generator
    "Virtual MIDI Piano Keyboard" = Virtual MIDI Piano Keyboard
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 0.9.9
    "WavePad" = WavePad Sound Editor
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "Wireshark" = Wireshark 1.2.7
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/20/2010 10:05:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2010 10:19:15 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/22/2010 10:20:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/22/2010 10:40:26 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 6/23/2010 2:12:48 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/23/2010 4:02:27 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c05deaa,
    faulting module NPSWF32.dll, version 10.0.32.18, time stamp 0x4a613f8d, exception
    code 0xc0000005, fault offset 0x00230241, process id 0x984, application start time
    0x01cb130e70bc48eb.

    Error - 6/23/2010 11:03:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/26/2010 1:03:50 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/26/2010 1:04:05 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
    Description =

    Error - 6/26/2010 2:04:05 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 6/9/2010 8:10:55 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 05:40:55, Thu, Jun 10, 10 Error - Unable to decrypt string

    Error - 6/20/2010 5:27:47 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 14:57:47, Sun, Jun 20, 10 Error - Unable to decrypt string

    Error - 7/4/2010 9:50:08 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 07:20:03, Mon, Jul 05, 10 Error - Unable to gain access to user store


    Error - 7/6/2010 2:36:59 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 00:06:59, Wed, Jul 07, 10 Error - User "" does not have administrative
    privileges on this system

    Error - 8/23/2010 3:33:50 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 01:03:50, Tue, Aug 24, 10 Error - Unable to gain access to user store


    Error - 8/23/2010 7:08:28 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 04:38:28, Tue, Aug 24, 10 Error - User "" does not have administrative
    privileges on this system

    Error - 8/23/2010 7:08:28 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 04:38:28, Tue, Aug 24, 10 Error - User "" does not have administrative
    privileges on this system

    [ System Events ]
    Error - 7/10/2009 9:46:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/10/2009 11:43:50 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/10/2009 11:44:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/10/2009 11:44:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/10/2009 11:44:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/11/2009 5:25:51 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/11/2009 5:25:52 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 00234DCB8ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/11/2009 5:26:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/11/2009 5:26:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/11/2009 5:26:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

  6. #6
    Member
    Join Date
    Sep 2007
    Posts
    42

    MBRCheck Log File

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1545
    Logical Drives Mask: 0x000000b4

    Kernel Drivers (total 146):

    Processes (total 76):
    0 System Idle Process
    4 System
    504 C:\Windows\System32\smss.exe
    572 csrss.exe
    608 C:\Windows\System32\wininit.exe
    628 csrss.exe
    664 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    784 C:\Windows\System32\winlogon.exe
    864 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    444 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\svchost.exe
    12 C:\Windows\System32\svchost.exe
    764 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\stacsv64.exe
    1068 C:\Windows\System32\audiodg.exe
    1140 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\SLsvc.exe
    1180 C:\Windows\System32\svchost.exe
    1304 C:\Program Files\Dell\DellDock\DockLogin.exe
    1368 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\WLTRYSVC.EXE
    1496 C:\Windows\System32\BCMWLTRY.EXE
    1520 C:\Windows\System32\wlanext.exe
    1644 C:\Windows\System32\spoolsv.exe
    1672 C:\Windows\System32\svchost.exe
    1880 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe
    1928 C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    1956 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2012 C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    1452 C:\Windows\System32\svchost.exe
    1776 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    1480 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2060 C:\Windows\System32\svchost.exe
    2108 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    2304 C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    2312 C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    2452 C:\Windows\System32\svchost.exe
    2480 C:\Windows\System32\SearchIndexer.exe
    2512 C:\Windows\System32\rundll32.exe
    2580 C:\PROGRA~2\AVG\AVG8\avgemc.exe
    2800 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2860 C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
    2872 C:\Windows\System32\taskeng.exe
    3440 C:\Windows\System32\taskeng.exe
    3452 C:\Windows\System32\dwm.exe
    3520 C:\Windows\explorer.exe
    3708 C:\Program Files\DellTPad\Apoint.exe
    3716 C:\Windows\System32\igfxtray.exe
    3732 C:\Windows\System32\hkcmd.exe
    3752 C:\Windows\System32\igfxpers.exe
    3780 C:\Windows\System32\WLTRAY.EXE
    3788 C:\Program Files\Dell\QuickSet\quickset.exe
    3808 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3816 C:\Windows\WindowsMobile\wmdSync.exe
    3828 C:\Program Files\IDT\WDM\sttray64.exe
    3836 C:\Program Files\Windows Sidebar\sidebar.exe
    3872 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4032 C:\Windows\System32\igfxsrvc.exe
    3128 C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
    3200 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3396 C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    3676 C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    1004 C:\Windows\System32\svchost.exe
    3852 WmiPrvSE.exe
    3972 C:\Windows\System32\wbem\unsecapp.exe
    4228 C:\Program Files\DellTPad\ApMsgFwd.exe
    4252 C:\Program Files\DellTPad\hidfind.exe
    4260 C:\Program Files\DellTPad\ApntEx.exe
    3384 C:\Users\Owner\Desktop\malware removal\OTL.exe
    3608 C:\Windows\System32\SearchProtocolHost.exe
    4976 C:\Windows\System32\SearchFilterHost.exe
    3268 dllhost.exe
    4688 dllhost.exe
    3416 C:\Users\Owner\Desktop\malware removal\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST9320320AS, Rev: DE05

    Size     Device Name           MBR Status
    --------------------------------------------
    298 GB   \\.\PhysicalDrive0    Dell Inspiron MBR code detected
             SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    eMule


    I'd like you to read this thread.

    Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


    After that:


    Let's run OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
      [2010/08/23 03:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\jweokhpct
      [2010/08/23 03:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\jweokhpct
      [2010/08/05 00:28:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0
      [2010/08/05 00:29:29 | 000,001,141 | ---- | C] () -- C:\Users\Owner\Desktop\Antimalware Doctor.lnk
      [2010/08/05 00:29:29 | 000,001,121 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
      :Files
      C:\program files (x86)\utorrent
      C:\program files (x86)\emule
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{003A8019-D94C-43C9-A4F1-6F6F340439D3}" = protocol=6 | dir=in | app=-
      "TCP Query User{6FA83816-745E-4EDE-BC76-F16BF6362046}C:\program files (x86)\utorrent\utorrent.exe" =-
      "TCP Query User{CF14EF04-202B-4336-98D5-98CA055985A7}C:\program files (x86)\emule\emule.exe" =-
      "UDP Query User{2F44636E-83A2-4652-8FB9-288BDA2A4B83}C:\program files (x86)\emule\emule.exe" =-
      "UDP Query User{3A61224B-0ECA-4683-83D2-9837936CE191}C:\program files (x86)\utorrent\utorrent.exe" =-
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report and a fresh OTL.txt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
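
The `:OTL` block in the post above resets three Internet Settings values, among them a `ProxyServer` of `http=127.0.0.1:6522` with `ProxyEnable` set to 1. As an added illustration (not part of the thread and not OTL's own code), this Python sketch parses `IE - ...` lines in the format quoted there and flags an enabled proxy that points at a loopback address; the function names and the sample input are constructed for this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the three "IE -" lines quoted in the fix above, plus one
# unrelated line to show that non-matching lines are ignored.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
'''

# Matches: IE - <hive\key>: "<value name>" = <data>
IE_LINE = re.compile(r'^\s*IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.*)$')


@dataclass
class ProxyEntry:
    scheme: str            # "all" when the value has no "scheme=" prefix
    host: str
    port: Optional[int]


def parse_ie_settings(log_text):
    """Return {value name: data} for the Internet Settings lines in the log."""
    settings = {}
    for line in log_text.splitlines():
        m = IE_LINE.match(line)
        if m and m.group("key").lower().endswith("\\internet settings"):
            settings[m.group("name")] = m.group("data").strip()
    return settings


def proxy_enabled(settings):
    """Accept both '1' (scan log style) and 'dword:0' (fix log style)."""
    raw = settings.get("ProxyEnable", "0").split(":")[-1].strip()
    try:
        return int(raw, 16) != 0
    except ValueError:
        return False


def _split_host_port(target):
    if target.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = target.partition(":")
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Split 'host:port' or 'http=host:port;https=host:port' into entries."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:                                 # one proxy for all protocols
            scheme, target = "all", part
        target = target.split("://", 1)[-1]         # drop an optional scheme://
        host, port = _split_host_port(target)
        entries.append(ProxyEntry(scheme.lower(), host, port))
    return entries


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False        # some other DNS name; not resolved here


def find_loopback_proxy(log_text):
    """Return the proxy entries that are enabled and point at this machine."""
    settings = parse_ie_settings(log_text)
    if not proxy_enabled(settings):
        return []
    return [e for e in parse_proxy_server(settings.get("ProxyServer", ""))
            if is_loopback(e.host)]


if __name__ == "__main__":
    # A hit is a lead, not a verdict: local debugging proxies set the same
    # values, so the next step is identifying the process bound to the port.
    for entry in find_loopback_proxy(SAMPLE_LOG):
        print(f"{entry.scheme} traffic is routed to {entry.host}:{entry.port}")
```
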

  8. #8
    Member
    Join Date
    Sep 2007
    Posts
    42

    OTL Log - After 'RunFix' but Before Kaspersky Scan

    Hi,
    I have uninstalled both the P2P programs.
    I ran the RunFix command in OTL and then rebooted the machine. The OTL log after rebooting the machine is pasted below.

    **OTL LOG - PRODUCED FOR RUNFIX**
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Users\Owner\AppData\Roaming\jweokhpct folder moved successfully.
    C:\Users\Owner\AppData\Local\jweokhpct folder moved successfully.
    C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0 folder moved successfully.
    C:\Users\Owner\Desktop\Antimalware Doctor.lnk moved successfully.
    C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
    ========== FILES ==========
    File\Folder C:\program files (x86)\utorrent not found.
    File\Folder C:\program files (x86)\emule not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{003A8019-D94C-43C9-A4F1-6F6F340439D3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{003A8019-D94C-43C9-A4F1-6F6F340439D3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6FA83816-745E-4EDE-BC76-F16BF6362046}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF14EF04-202B-4336-98D5-98CA055985A7}C:\program files (x86)\emule\emule.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F44636E-83A2-4652-8FB9-288BDA2A4B83}C:\program files (x86)\emule\emule.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3A61224B-0ECA-4683-83D2-9837936CE191}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.

    OTL by OldTimer - Version 3.2.11.0 log created on 08292010_183353

    **OTL LOG FOR 'RUN SCAN'**
    OTL logfile created on: 8/29/2010 6:49:49 PM - Run 2
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 179.89 Gb Free Space | 62.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
    SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
    DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
    DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
    DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
    DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
    FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
    FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 18:41:21 | 000,000,000 | ---D | M]

    [2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
    [2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
    [2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/29 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
    [2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
    [2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
    [2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
    [2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
    [2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
    [2010/04/20 07:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 14358 more lines...
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/29 18:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
    [2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
    [2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
    [2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/07/31 23:46:10 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/29 18:49:48 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
    [2010/08/29 18:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 18:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 18:37:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/29 18:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/29 18:37:02 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/29 18:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/29 18:36:12 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/08/29 18:36:07 | 004,332,965 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/08/29 18:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
    [2010/08/29 18:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
    [2010/08/29 17:59:18 | 064,052,916 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
    [2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/07/31 22:31:39 | 000,788,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/07/31 22:31:39 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/07/31 22:31:39 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
    [2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
    [2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
    [2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
    [2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
    [2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
    [2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
    [2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
    [2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
    [2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
    [2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
    [2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
    [2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
    [2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
    [2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
    [2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
    [2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
    [2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
    [2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
    [2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
    [2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
    [2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
    [2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
    [2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
    [2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
    [2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
    [2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/09/15 07:57:57 | 000,798,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
    [2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
    [2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
    [2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
    [2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
    [2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
    [2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
    [2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
    [2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
    [2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
    [2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
    [2009/08/05 09:32:29 | 000,476,672 | ---- | C] () -- C:\Users\Owner\AppData\Local\7za.exe
    [2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
    [2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
    [2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
    [2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
    [2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
    [2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
    [2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    < End of report >

  9. #9
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default Kaspersky Online scan report and OTL Log

    Hi,
    I uninstalled Java and installed the latest version as provided by you.
    I also cleaned the temporary files using ATF. Then I ran an online scan using Kaspersky. The Kaspersky report and the OTL log are posted below.
    [Kaspersky wanted me to deactivate the antivirus which I had. So I closed AVG and ran the Kaspersky scan.]

    **KASPERSKY SCAN REPORT**

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, August 30, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, August 29, 2010 10:21:56
    Records in database: 4167253
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    E:\
    F:\
    H:\

    Scan statistics:
    Objects scanned: 188693
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 07:50:51

    No threats found. Scanned area is clean.

    Selected area has been scanned.

    **OTL LOG REPORT**

    OTL logfile created on: 8/30/2010 7:50:08 AM - Run 3
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 184.75 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.)
    PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
    PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
    SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
    DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
    DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
    DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
    DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
    FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
    FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 22:14:34 | 000,000,000 | ---D | M]

    [2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
    [2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
    [2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
    [2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
    [2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
    [2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
    [2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
    [2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
    [2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/29 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 14358 more lines...
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/29 22:35:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/08/29 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/08/29 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/08/29 22:14:34 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2010/08/29 22:14:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/08/29 18:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
    [2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
    [2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
    [2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/07/31 23:46:10 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/30 07:50:11 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
    [2010/08/30 07:34:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
    [2010/08/30 06:41:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/30 06:41:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/30 02:09:22 | 000,807,366 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/30 02:09:22 | 000,668,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/30 02:09:22 | 000,128,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/29 23:36:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2010/08/29 22:14:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/08/29 20:41:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/29 20:41:38 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/29 20:40:50 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/29 20:40:50 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/08/29 20:40:45 | 004,567,850 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/08/29 18:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
    [2010/08/29 17:59:18 | 064,052,916 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
    [2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/07/31 22:31:39 | 000,788,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
    [2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
    [2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
    [2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
    [2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
    [2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
    [2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
    [2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
    [2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
    [2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
    [2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
    [2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
    [2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
    [2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
    [2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
    [2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
    [2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
    [2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
    [2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
    [2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
    [2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
    [2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
    [2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
    [2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
    [2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
    [2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
    [2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
    [2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
    [2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
    [2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
    [2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/09/15 07:57:57 | 000,807,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
    [2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
    [2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
    [2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
    [2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
    [2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
    [2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
    [2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
    [2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
    [2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
    [2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
    [2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
    [2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
    [2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
    [2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
    [2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
    [2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
    [2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    < End of report >

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good. Do you still have that disabled startup entry there? Any (other) issues?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
