Several Malware/Virus Problems

b1ad3

New member
Got this virus yesterday evening. It installed several fake virus protections and, at first, restricted me from using Task Manager and from using Malwarebytes Anti-Malware.

I ran Spyware Doctor, Avast! and RegRun and have regained control of Task Manager and the ability to make Registry changes. However, I still have several fake spyware "protectors" and the system is running really sluggishly.

If you can help, it is greatly appreciated.

-------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by User 1 at 15:33:02.49 on Tue 04/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.979 [GMT -4:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1296 [VPS 081226-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1296 [VPS 081226-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Greatis\RegRunSuite\watchdog.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\User 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe
C:\program files (x86)\whatpulse\whatpulse .exe
C:\program files (x86)\java\jre6\bin\jusched .exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files (x86)\internet explorer\wmpscfgs.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User 1\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\systemnative\userinit.exe,
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adHlpr Object: {0c21698b-11a0-4202-96fe-198d01082753} - c:\windows\syswow64\yebkdlmo.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: adShotHlpr Object: {b57d74ae-d437-4412-a5a7-7a3971e8a1e8} - c:\windows\syswow64\omjjxlpq.dll
BHO: hotrevenue browser enhancer: {c0745218-b667-f3f7-89ad-8848b9927739} - c:\windows\syswow64\pxdbmdsqgpfnqf.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {e623ff84-bca2-469e-aa59-730c17858d4b} - c:\windows\syswow64\JIDEWOJO.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WhatPulse] c:\program files (x86)\whatpulse\WhatPulse.exe
uRun: [Octoshape Streaming Services] "c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe" -inv:bootrun
uRun: [Aim] "c:\program files (x86)\aim\aim .exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [sysmon64x.exe] c:\users\user1~1\appdata\local\temp\SYSMON64X.EXE
uRun: [apmanager.exe] c:\users\user 1\appdata\roaming\apmanager\apmanager.exe silent
uRun: [hsf87sdhfush87fsufhuie3fddf] c:\users\user1~1\appdata\local\temp\eo9p667jp.exe
uRun: [Digital Protection] "c:\program files (x86)\digital protection\digprot.exe" -noscan
uRun: [RTHDBPL] c:\users\user 1\appdata\roaming\systemproc\lsass.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ewrgetuj] c:\users\user1~1\appdata\local\temp\geurge.exe
mRun: [lsdefrag] c:\users\user1~1\appdata\local\temp\cmnaexwosr.exe
mRun: [ezLife] rundll32 "omjjxlpq.dll",,Run
mRun: [RegRun WinBait] c:\windows\winbait.exe
mRun: [@RegRunOnSecure] c:\progra~2\greatis\regrun~1\OnSecure.exe
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mRun: [nujuzugide] Rundll32.exe "jidewojo.dll",s
mRun: [vsvoczrnnqhsbpb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\pxdbmdsqgpfnqf.dll"
mExplorerRun: [9xsl] c:\users\user1~1\appdata\local\temp\77wi.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files (x86)\stardock\impulse\now\ImpulseNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: hiwazedo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~2\greatis\regrun~1\RRSHELL.DLL
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user1~1\appdata\roaming\mozilla\firefox\profiles\kuky3h7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files (x86)\mozilla firefox\components\ffxShot.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\user 1\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\user 1\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user 1\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-4-26 218056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 89680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-26 64592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 399360]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-27 27648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-12-27 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]

=============== Created Last 30 ================

2010-04-27 00:24:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 00:24:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-27 00:24:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-27 00:24:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 00:24:40 131 ----a-w- c:\windows\IDB.zip
2010-04-27 00:24:40 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 00:24:39 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 00:24:39 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 00:24:39 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-04-27 00:18:07 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-04-27 00:18:07 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-04-27 00:18:07 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-04-27 00:18:04 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-04-27 00:18:04 218056 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-04-27 00:17:59 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-04-27 00:17:59 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-04-27 00:17:52 0 d-----w- c:\users\user1~1\appdata\roaming\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\programdata\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-26 23:31:52 0 d-----w- c:\windows\RestoreSafeDeleted
2010-04-26 23:30:15 535 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-04-26 23:27:00 0 d-sh--r- C:\desktop.ini
2010-04-26 23:27:00 0 d-sh--r- C:\comment.htt
2010-04-26 23:27:00 0 d-sh--r- C:\autorun.inf
2010-04-26 23:26:42 2 --shatr- c:\windows\winstart.bat
2010-04-26 23:26:42 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-04-26 23:26:22 37600 ----a-w- c:\windows\syswow64\Partizan.exe
2010-04-26 23:25:20 57556 ----a-w- c:\windows\guard.bmp
2010-04-26 23:25:20 36864 ----a-w- c:\windows\winbait.exe
2010-04-26 23:25:20 20192 ----a-w- c:\windows\WinBait.org
2010-04-26 23:25:20 20192 ----a-w- c:\windows\winbait .exe
2010-04-26 23:25:20 1385184 ----a-w- c:\windows\RunGuard.exe
2010-04-26 23:25:12 0 d-----w- c:\program files (x86)\Greatis
2010-04-26 23:19:26 0 d-----w- c:\users\user1~1\appdata\roaming\CCommander
2010-04-26 23:19:24 0 d-sh--w- c:\users\user1~1\appdata\roaming\SystemProc
2010-04-26 23:17:18 0 d-----w- c:\program files (x86)\Digital Protection
2010-04-26 23:16:16 317440 ----a-w- c:\windows\syswow64\cooper.mine
2010-04-26 23:14:34 36864 ----a-w- c:\windows\syswow64\READER_S.del
2010-04-26 23:14:07 0 d-----w- c:\users\user1~1\appdata\roaming\APManager
2010-04-26 23:14:04 50990 ----a-w- c:\windows\syswow64\eqpcpcyydhhaueen.exe
2010-04-26 23:14:01 0 d-----w- c:\program files (x86)\ezLife
2010-04-26 23:13:50 162304 ----a-w- c:\windows\Dgynoa.exe
2010-04-26 23:13:48 0 d-----w- c:\users\user1~1\appdata\roaming\57FEB2771E017424312E3F6F5A51A206
2010-04-25 06:30:22 0 d-----w- c:\programdata\DivX
2010-04-21 11:55:32 299008 ----a-w- c:\windows\syswow64\yebkdlmo.dll
2010-04-21 11:55:04 319488 ----a-w- c:\windows\syswow64\omjjxlpq.dll
2010-04-15 10:58:44 384512 ----a-w- c:\windows\syswow64\_pxdbmdsqgpfnqf.dll
2010-04-15 10:58:44 381952 ----a-w- c:\windows\syswow64\pxdbmdsqgpfnqf.dll
2010-04-15 07:03:15 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 07:03:13 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 07:03:13 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 07:03:01 273920 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:03:01 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:03:00 106496 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:02:57 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:02:37 602624 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 07:02:37 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-15 07:02:36 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 07:02:36 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-04-15 07:02:36 220672 ----a-w- c:\windows\syswow64\l3codecp.acm
2010-04-15 07:02:36 181760 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 16:41:10 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:41:10 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 16:41:09 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 16:41:09 104960 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 17:50:09 0 d-----w- c:\program files\iPod
2010-04-05 17:50:08 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-05 17:50:08 0 d-----w- c:\program files\iTunes
2010-04-05 17:50:08 0 d-----w- c:\program files (x86)\iTunes
2010-04-05 17:45:44 0 d-----w- c:\program files\Bonjour
2010-03-31 01:58:24 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-04-27 19:01:37 66702 ----a-w- c:\programdata\nvModes.dat
2010-04-05 17:46:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 17:46:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 17:46:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-11 21:36:51 133712 ----a-w- c:\windows\War3Unin.dat
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:15:56 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-12 16:01:24 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:01:24 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-11-17 09:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-27 06:40:49 174 --sha-w- c:\program files\desktop.ini
2008-12-27 06:40:49 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-27 11:19:49 1970157 --sha-w- c:\windows\syswow64\dukotova.exe
2010-01-27 11:19:49 0 --sha-w- c:\windows\syswow64\fogiguzu.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\hiwazedo.dll
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\jidewojo.dll
2010-01-26 23:19:21 1970157 --sha-w- c:\windows\syswow64\jumaruri.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\korapulu.dll
2010-01-27 11:19:49 110592 --sha-w- c:\windows\syswow64\zudujogi.exe
2008-01-09 00:30:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:35:03.74 ===============

Also have Attach.txt saved - will be zipped and posted upon request.
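The DDS report above already carries the indicators a responder keys on: a Winlogon Shell value pointing into AppData, IFEO entries that redirect Windows Defender's binaries (MpCmdRun.exe, MSASCui.exe, MsMpEng.exe, msseces.exe) to svchost.exe, an AppInit_DLLs entry and an extra LSA notification package (hiwazedo.dll), policies disabling Task Manager and UAC, Run entries launched from %TEMP%, program names with a space before ".exe", and rundll32 loading a DLL by bare name. The following is an added example, not part of the original post and not code from DDS or any tool named in the thread: a small Python triage that applies those rules to Pseudo HJT lines. The rule names, the KNOWN_LSA_PACKAGES set and the sample input (lines copied from the log above plus two benign entries, constructed here for the demonstration) are my own assumptions.

```python
"""Rule-based triage of DDS 'Pseudo HJT Report' lines (added example)."""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log above, plus Steam and avast!
# entries that a sane rule set must leave alone.
SAMPLE = r"""
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [hsf87sdhfush87fsufhuie3fddf] c:\users\user1~1\appdata\local\temp\eo9p667jp.exe
uRun: [RTHDBPL] c:\users\user 1\appdata\roaming\systemproc\lsass.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask .exe" -atboottime
mRun: [ezLife] rundll32 "omjjxlpq.dll",,Run
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: hiwazedo.dll
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
"""

# Each rule is (name, regex). Names are this example's own labels.
RULES = [
    # Winlogon Shell should be explorer.exe; anything else runs at every logon.
    ("winlogon-shell-hijack", re.compile(r'^[um]Winlogon: Shell=(?!explorer\.exe\s*$)', re.I)),
    # An IFEO "Debugger" value makes Windows start the listed program instead.
    ("ifeo-debugger", re.compile(r'^IFEO: \S+ - \S', re.I)),
    # AppInit_DLLs is injected into every process that loads user32.dll.
    ("appinit-dll", re.compile(r'^AppInit_DLLs:\s*\S', re.I)),
    # Policy values that lock the user out of Task Manager or switch UAC off.
    ("taskmgr-disabled", re.compile(r'DisableTaskMgr = 1\b', re.I)),
    ("uac-disabled", re.compile(r'EnableLUA = 0\b', re.I)),
    # Autoruns whose executable lives under %TEMP% or an AppData folder.
    ("run-from-temp-or-appdata",
     re.compile(r'^[um]Run: \[[^\]]*\] "?[^"]*\\(temp|appdata)\\[^"]*\.exe', re.I)),
    # A core system binary name outside system32 (e.g. a roaming lsass.exe).
    ("system-name-outside-system32",
     re.compile(r'^(?!.*\\system32\\).*\\(lsass|svchost|csrss|winlogon|services|smss)\.exe', re.I)),
    # "name .exe": the original was renamed and something else took its name.
    ("space-before-extension", re.compile(r'\S \.(exe|dll)\b', re.I)),
    # rundll32 given a bare DLL name is resolved through the DLL search order.
    ("rundll32-bare-dll", re.compile(r'rundll32(\.exe)?\s+"?[^\\"\s]+\.dll"?', re.I)),
]

# Assumption: a workstation's default LSA notification package list is just scecli.
KNOWN_LSA_PACKAGES = {"scecli"}
LSA_RE = re.compile(r'^LSA: Notification Packages = (.+)$', re.I)


def triage(text):
    """Return a list of (rule_name, line) for every rule hit in `text`."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, rx in RULES:
            if rx.search(line):
                findings.append((name, line))
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(("lsa-notification-package", line))
    return findings


def summarize(findings):
    """Count hits per rule, handy for a first look at a long log."""
    return Counter(name for name, _ in findings)


if __name__ == "__main__":
    for name, line in triage(SAMPLE):
        print(f"{name:30s} {line}")
```

A line can hit more than one rule (the roaming lsass.exe is both an AppData autorun and a system binary name in the wrong place); that overlap is useful, since the combination is a stronger signal than either hit alone.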
 
Hi,

Your system is very severely infected. If this was my system I'd do a reformat. Do you have resources to reformat?
 
I have a disk that says Vista Ultimatex64 Recovery.

If this is not it, I'm not sure that I have the resources. I bought this computer off craigslist about a year ago and he gave me a few discs; this is the only one that might be it.

If this is the right disc can you explain how to use it?
 
Hi,

Do you remember the exact date when the system got infected?

Could you reboot using the disk you have there and let me know what options it gives to you?
 
I believe the exact date that I got a noticeable infection was April 27th.

I'll try booting from the disc and see what happens.
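The helper's question about the infection date matters because the "Created Last 30" section of the DDS report is a timeline: files dropped by one installer land within seconds or minutes of each other, and a reported date lets you separate that burst from the cleanup tools installed afterwards. The following is an added example, not from the original thread and not code from DDS or any other tool named in it: a Python snippet that parses lines in that format, groups creation times into bursts, pulls the entries around a reported date, and lists hidden+system files (an "s" and an "h" in the attribute field) wherever they sit. The sample lines are copied from the log above and assembled here for the demonstration; the five-minute gap and the one-hour window are assumptions.

```python
"""Timeline triage of DDS 'Created Last 30' / 'Find3M' lines (added example)."""
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample: a subset of the entries from the log above.
SAMPLE = r"""
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-04-26 23:25:20 36864 ----a-w- c:\windows\winbait.exe
2010-04-26 23:19:26 0 d-----w- c:\users\user1~1\appdata\roaming\CCommander
2010-04-26 23:19:24 0 d-sh--w- c:\users\user1~1\appdata\roaming\SystemProc
2010-04-26 23:17:18 0 d-----w- c:\program files (x86)\Digital Protection
2010-04-26 23:16:16 317440 ----a-w- c:\windows\syswow64\cooper.mine
2010-04-26 23:14:04 50990 ----a-w- c:\windows\syswow64\eqpcpcyydhhaueen.exe
2010-04-26 23:13:50 162304 ----a-w- c:\windows\Dgynoa.exe
2010-04-25 06:30:22 0 d-----w- c:\programdata\DivX
2010-04-15 07:03:15 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\hiwazedo.dll
"""

Entry = namedtuple("Entry", "ts size attrs path")
TS_FMT = "%Y-%m-%d %H:%M:%S"
# timestamp, size, 8-character attribute field, path (may contain spaces)
LINE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (\S{8}) (.+)$')


def parse(text):
    """Parse DDS file-listing lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(datetime.strptime(m.group(1), TS_FMT),
                                 int(m.group(2)), m.group(3), m.group(4)))
    return entries


def clusters(entries, gap_minutes=5):
    """Group entries whose creation time is within `gap_minutes` of the previous one."""
    gap = timedelta(minutes=gap_minutes)
    groups = []
    for e in sorted(entries, key=lambda e: e.ts):
        if groups and e.ts - groups[-1][-1].ts <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def busiest(entries, gap_minutes=5):
    """The largest burst of file creations: usually the dropper's footprint."""
    return max(clusters(entries, gap_minutes), key=len)


def around(entries, when, hours=1.0):
    """Entries created within `hours` of the reported infection time."""
    centre = datetime.strptime(when, TS_FMT)
    window = timedelta(hours=hours)
    return [e for e in entries if abs(e.ts - centre) <= window]


def hidden_system(entries):
    """Entries carrying both the system and hidden attributes."""
    return [e for e in entries if "s" in e.attrs and "h" in e.attrs]


if __name__ == "__main__":
    ents = parse(SAMPLE)
    for e in busiest(ents):
        print("burst   ", e.ts, e.path)
    for e in hidden_system(ents):
        print("sys+hid ", e.ts, e.path)
```

On this sample the busiest burst runs from Dgynoa.exe at 23:13:50 to the CCommander folder at 23:19:26, while winbait.exe (RegRun's bait file) and the Spyware Doctor folder fall outside it because they were installed later. The hidden+system list also surfaces hiwazedo.dll with a January timestamp, i.e. earlier than the date the user noticed the problem, which is the kind of entry the infection-date question is meant to expose.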
 
Unfortunately it won't let me boot from the disc. I set boot from the CD drive in the BIOS, but it still won't.

There is an .exe file inside, though, that gives me the option to install Windows Vista.
 
Hi,

Did you have the CD/DVD drive selected as the first boot device? It has to be, or the operating system on the hard drive will be loaded first. What is the exe file name on that disk?
 
Yes, I had my CD/DVD drive set as the #1 device in the boot priority.
The .exe file is just setup.exe.
 
Hi,

If you run that setup, what options are offered there? Is a "Repair your computer" option present?
 
There is:

Check Compatibility Online
Install Now

What to know before installing windows
Transfer files and settings from another computer
 
Hi,

If you have another system available, you could test booting from that recovery disk to see whether the problem is with the DVD drive of the infected system or with the disk itself.

I don't feel very comfortable trying a Vista installation from within Windows instead of rebooting with the disk and doing a complete reinstall there. If we have to attempt a cleaning, I can't guarantee anything, since most tools won't work with a 64-bit system.
 
I tried booting from the disc on my other computer. It seemed to boot from it but gave an error because it is a 32-bit system, so I guess that means something is wrong with this computer's DVD drive.

Where do we go from here?
 
As I told you, we can attempt a cleaning, but I can't guarantee a successful end result.

Download Vipre Rescue and save it to the c:\VipreTemp folder. Then download OTL to your desktop.


1. Boot the computer in "Safe Mode with Command Prompt" (press F8 when the computer starts to boot. When the boot menu appears, use the down arrow to highlight the selection).
2. When the command line appears, navigate to the directory that contains the VIPRE Rescue program (c:\VipreTemp if you followed my instructions about the destination location) by typing the following commands (press Enter after each one):
c:
cd\VipreTemp


3. Type VIPRERescue6245.exe (without double quotes) at the command prompt.

4. At the prompt, "Do you wish to extract the VIPRE Rescue Scanner to your computer?" click Yes.

5. You will be prompted for a destination folder to unzip to. Keep the default (C:\VIPRERESCUE), make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is NOT checked, and then click Unzip.

6. Go to the c:\VIPRERESCUE folder by typing the following commands:
c:
cd\VIPRERESCUE


7. Type the following command and wait for the scanner to complete its run:
viprerescuescanner /deep /log

That will generate a results log file in XML format in the Vipre folder (c:\VIPRERESCUE). Type exit to leave the command prompt and reboot the system back into normal mode.

Archive the Vipre log (an XML file with a date/time corresponding to the time of the Vipre run should be in c:\VIPRERESCUE) into a zip file and attach the file to your post.

---

Then do the following:

  • Double click on OTL icon on the desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy and paste the following contents into the custom scan area:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
 
OTL.txt

OTL logfile created on: 5/1/2010 11:17:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\User 1\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 175.91 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVENG
Current User Name: User 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Greatis\RegRunSuite\watchdog.exe (Greatis Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (athrusb6) -- C:\Windows\SysNative\DRIVERS\athrxu6.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (RegGuard) -- C:\Windows\SysWOW64\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\system32\drivers\Partizan.sys (Greatis Software)
DRV - (CSC) -- C:\Windows\CSC [2008/12/26 23:51:04 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/26 19:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 04:12:05 | 000,000,000 | ---D | M]

[2008/12/30 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2010/05/01 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions
[2009/10/16 03:34:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (zblack) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2008/12/26 21:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/04 16:05:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/08 13:18:23 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
[2009/07/15 13:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/04/04 16:04:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/04 16:05:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/19 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\moveplayer@movenetworks.com
[2009/04/29 16:39:29 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search-1.xml
[2008/12/31 21:40:04 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search.xml
[2009/03/30 13:47:24 | 000,000,655 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\yahoo-search.xml
[2010/05/01 16:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/26 19:19:23 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/26 19:15:19 | 000,000,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (hotrevenue browser enhancer) - {C0745218-B667-F3F7-89AD-8848B9927739} - C:\Windows\SysWOW64\pxdbmdsqgpfnqf.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ezLife] File not found
O4 - HKLM..\Run: [vsvoczrnnqhsbpb] C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9xsl = C:\Users\USER1~1\AppData\Local\Temp\77wi.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (hiwazedo.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\systemnative\userinit.exe) - c:\windows\systemnative\userinit.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files (x86)\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/04/26 19:27:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 01:00:00 | 000,000,122 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\phone\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\SysWow64\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/12/27 02:31:58 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/12/27 02:32:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/01 21:09:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/05/01 18:58:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 18:57:40 | 000,000,000 | ---D | C] -- C:\Vipretemp
[2010/04/28 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Apple
[2010/04/28 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Apple Computer
[2010/04/28 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Adobe
[2010/04/27 20:29:49 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\AIM
[2010/04/27 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\AOL
[2010/04/27 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\User 1\Desktop\dds
[2010/04/26 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Threat Expert
[2010/04/26 20:24:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/04/26 20:24:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/04/26 20:24:39 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/04/26 20:24:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/04/26 20:18:07 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/04/26 20:18:07 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/04/26 20:18:04 | 000,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/04/26 20:17:59 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/26 19:31:52 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/04/26 19:28:23 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/26 19:26:22 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:26:16 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\RegRun2
[2010/04/26 19:25:20 | 001,385,184 | ---- | C] (Greatis Software) -- C:\Windows\RunGuard.exe
[2010/04/26 19:25:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/04/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2010/04/26 19:19:24 | 000,000,000 | -HSD | C] -- C:\Users\User 1\AppData\Roaming\SystemProc
[2010/04/26 19:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ezLife
[2010/04/26 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206
[2010/04/25 02:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/15 03:02:57 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/15 03:02:37 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/15 03:02:37 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/15 03:02:36 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/15 03:02:36 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/15 03:02:36 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/15 03:02:36 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 12:41:10 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 12:41:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 12:41:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 12:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/05 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/05 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/01 23:21:09 | 003,670,016 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT
[2010/05/01 23:14:15 | 000,695,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/01 23:14:15 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/01 23:14:15 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/01 23:10:13 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/01 23:10:13 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/01 23:09:55 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 23:09:55 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/05/01 23:09:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/01 23:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/01 23:08:53 | 000,524,288 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 23:08:53 | 000,065,536 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TM.blf
[2010/05/01 21:04:23 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/05/01 19:05:56 | 003,928,622 | -H-- | M] () -- C:\Users\User 1\AppData\Local\IconCache.db
[2010/05/01 19:05:49 | 000,000,004 | ---- | M] () -- C:\Program Files (x86)\187560.dat
[2010/05/01 18:58:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/30 16:24:42 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 15:47:57 | 000,001,118 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/28 10:24:22 | 003,308,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/27 16:25:20 | 000,004,100 | -H-- | M] () -- C:\Windows\SysWow64\mesideke
[2010/04/27 04:16:28 | 000,050,990 | ---- | M] () -- C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
[2010/04/26 20:18:02 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 20:14:55 | 000,016,488 | -HS- | M] () -- C:\Users\User 1\AppData\Local\Do6pd
[2010/04/26 20:14:55 | 000,016,488 | -HS- | M] () -- C:\ProgramData\Do6pd
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:26:22 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:25:20 | 000,000,879 | ---- | M] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/26 19:16:22 | 000,017,076 | -HS- | M] () -- C:\Users\User 1\AppData\Local\KLry0l
[2010/04/26 19:16:22 | 000,017,076 | -HS- | M] () -- C:\ProgramData\KLry0l
[2010/04/25 19:57:21 | 000,000,680 | ---- | M] () -- C:\Users\User 1\AppData\Local\d3d9caps.dat
[2010/04/25 04:12:07 | 000,001,419 | ---- | M] () -- C:\Users\User 1\Desktop\DivX Movies.lnk
[2010/04/25 00:39:20 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/04/23 08:06:42 | 000,381,952 | ---- | M] () -- C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
[2010/04/22 15:05:59 | 000,010,852 | ---- | M] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/21 23:54:52 | 000,024,576 | ---- | M] () -- C:\Users\User 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 19:05:49 | 000,000,004 | ---- | C] () -- C:\Program Files (x86)\187560.dat
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/04/30 15:50:42 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/30 15:50:42 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/30 15:50:41 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/30 15:50:40 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/30 15:50:40 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/30 15:50:39 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/30 15:50:38 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/30 15:50:38 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/30 15:50:37 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/30 15:50:37 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/30 15:50:35 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/30 15:50:35 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/30 15:50:34 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/30 15:50:33 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/30 15:50:32 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/30 15:50:32 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/30 15:50:31 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/30 15:50:31 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/30 15:50:30 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/30 15:50:30 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/30 15:50:29 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/26 20:24:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/26 20:24:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/04/26 20:24:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/04/26 20:24:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/04/26 20:24:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/04/26 20:18:07 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/04/26 20:18:04 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/04/26 20:18:02 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 20:17:59 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/04/26 20:17:54 | 000,369,248 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistMSI083B.txt
[2010/04/26 20:17:54 | 000,011,246 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083B.txt
[2010/04/26 20:17:54 | 000,010,578 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083C.txt
[2010/04/26 20:08:06 | 000,016,488 | -HS- | C] () -- C:\Users\User 1\AppData\Local\Do6pd
[2010/04/26 20:08:06 | 000,016,488 | -HS- | C] () -- C:\ProgramData\Do6pd
[2010/04/26 19:30:15 | 000,001,118 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:25:20 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.org
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\winbait .exe
[2010/04/26 19:25:20 | 000,000,879 | ---- | C] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/26 19:14:04 | 000,050,990 | ---- | C] () -- C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
[2010/04/26 19:13:48 | 000,017,076 | -HS- | C] () -- C:\Users\User 1\AppData\Local\KLry0l
[2010/04/26 19:13:48 | 000,017,076 | -HS- | C] () -- C:\ProgramData\KLry0l
[2010/04/22 14:31:21 | 000,010,852 | ---- | C] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/15 06:58:44 | 000,381,952 | ---- | C] () -- C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
[2010/04/05 13:50:32 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/02 21:19:09 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/09/25 18:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/09/23 18:58:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 18:58:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/10 00:02:01 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009/01/04 16:42:25 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/27 02:49:22 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/12/27 02:49:22 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/12/27 02:49:22 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/12/27 02:49:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/12/27 01:20:22 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/12/26 23:37:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/12/26 23:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/05/01 14:16:29 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/03/17 06:41:22 | 000,171,136 | RHS- | M] () -- C:\grldr
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/15 15:20:05 | 000,001,105 | -H-- | M] () -- C:\IPH.PH
[2010/05/01 23:09:47 | 3802,460,160 | -HS- | M] () -- C:\pagefile.sys
[2010/04/26 20:07:09 | 000,001,724 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.04.2010_20.07.09_log.txt
[2010/04/26 20:07:19 | 000,001,724 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.04.2010_20.07.19_log.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/26 19:26:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWOW64\drivers\Partizan.sys
[2010/05/01 21:04:23 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWOW64\drivers\regguard.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
 
Extras.txt

OTL Extras logfile created on: 5/1/2010 11:17:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\User 1\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 175.91 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVENG
Current User Name: User 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = EF 08 F8 D7 ED 67 C9 01 [binary data]
"VistaSp2" = 80 4D 73 1F 19 4C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3676554984-1807389713-3211740643-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D1DA13-2828-4E2B-84BE-9F7071DA6EEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{166799D3-A635-4562-AF82-A49ABF6B3526}" = lport=6117 | protocol=17 | dir=in | name=wc3-u6117 |
"{1CAE8886-FF44-4BD6-8F10-F647651F110A}" = lport=6112 | protocol=17 | dir=in | name=wc3-u6112 |
"{242C38EB-4266-43E2-B021-52D78ED4F944}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2A7ACCA6-38BA-44E5-BF18-08D18FCB6427}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{318073B5-0A9F-4B2D-AAAC-05AECD1D739D}" = lport=6118 | protocol=17 | dir=in | name=wc3-u6118 |
"{32393AC4-8D4B-4884-8DFF-813C9FE24810}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{326561E1-172C-457C-8453-87D83377C021}" = lport=80 | protocol=17 | dir=in | name=udp port 80 |
"{33065736-9F89-4615-8A7C-0EB494027367}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35D7DA92-F1C2-4F47-A54C-5FA068AFB3A8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3B6A3575-E975-41AB-A98C-CA7E59E4D6DE}" = lport=6119 | protocol=17 | dir=in | name=wc3- u6119 |
"{4768847C-158A-45B5-9DAA-A9F82620BA6D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4A91A663-4147-4B3A-86DA-A4FA598279CE}" = lport=6114 | protocol=17 | dir=in | name=wc3-u6114 |
"{4AFEE968-324B-46C0-89B1-9AB435988D69}" = lport=6116 | protocol=6 | dir=in | name=wc3-6116 |
"{4E7E8A45-EB02-4C6F-9FB7-75CDD19FE56D}" = rport=445 | protocol=6 | dir=out | app=system |
"{568581F6-982C-4EF2-9F93-244B0CC26C48}" = lport=6112 | protocol=6 | dir=in | name=wc3-6112 |
"{57792218-0923-496E-B721-B4D4F9856995}" = lport=6667 | protocol=6 | dir=in | name=mirc |
"{5B0F1DC0-A4FA-401F-A0A6-4567A5B0F9C9}" = lport=3724 | protocol=6 | dir=in | name=wowserver- 3724 |
"{67C3D02F-26F3-4938-93D0-D69393EAE5E9}" = lport=6113 | protocol=6 | dir=in | name=wc3-6113 |
"{73283694-3A69-4EE0-AD09-CE00B080683E}" = lport=3074 | protocol=17 | dir=in | name=udp port 3074 |
"{86535AC1-6EEB-4113-A3A1-31B7FCBF071A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D546349-5C7F-41F5-84D9-BBE37E149A4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A2828E97-4120-41FA-AA8D-B90EA37816A8}" = lport=6117 | protocol=6 | dir=in | name=wc3-6117 |
"{A5BEC5A2-8E46-4319-8FBB-376AA8E00957}" = lport=138 | protocol=17 | dir=in | app=system |
"{A677F672-DAED-44DA-9AE7-A9D5616DAB95}" = lport=6116 | protocol=17 | dir=in | name=wc3-u6116 |
"{A6D3ED70-CD7C-42C1-90A3-DDB585C15EA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B36887B9-D588-4886-820F-A7CB2229A236}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7725877-8D6F-46BC-99A2-8EA89DC87424}" = rport=138 | protocol=17 | dir=out | app=system |
"{C800C88B-FAB5-4921-BBBA-794D52DEE214}" = lport=3306 | protocol=17 | dir=in | name=wowserver -3306 |
"{C9004D37-C869-492C-A824-31C724561426}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3C38C22-B27E-4DC3-A4C9-89AAE3F2A547}" = lport=6115 | protocol=6 | dir=in | name=wc3-6115 |
"{D762C389-CCBE-4AB9-94DE-D40EDE2F3825}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9484782-A500-4ECF-B4EE-4CA2BFC83A3B}" = lport=6119 | protocol=6 | dir=in | name=wc3-6119 |
"{DAB35803-0BB4-44E7-8B72-9316AA84253A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC263145-D952-47E4-B54A-3E90CB773FFD}" = lport=6113 | protocol=17 | dir=in | name=wc3-u6113 |
"{E64FAE7C-CDBE-4B29-A70B-3634C8FEAE85}" = lport=6118 | protocol=6 | dir=in | name=wc3-6118 |
"{E7DFE641-E283-4284-B5EC-CA07BB3B769C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9BFAA49-D00E-4660-B005-C972209E4265}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB618777-0BAF-4D7F-A3A5-F721FFD93BF1}" = lport=3724 | protocol=17 | dir=in | name=wowserver -3724 |
"{F26A695A-1F7D-48B2-B7F3-DAAF68D882F5}" = lport=6114 | protocol=6 | dir=in | name=wc3-6114 |
"{F6B8B70A-911C-4F82-9694-3686D41369A7}" = lport=3306 | protocol=6 | dir=in | name=wowserver -3306 |
"{F7648077-1E3E-44F8-99CC-3964EDECB36C}" = lport=6667 | protocol=17 | dir=in | name=mirc |
"{F879CE17-B4D2-4F54-BC23-01A245C6BB4A}" = lport=6115 | protocol=17 | dir=in | name=wc3-u6115 |
"{FFB3F800-C793-4A8C-BEA9-CAE20266A4DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108B6A5-405B-448E-89A7-7F5D372DDC00}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{041D5E75-9C89-4E36-BFA0-6D7F3A5896E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05E5F4D8-8047-4037-A6E0-355BC3F2AA74}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{07CD643A-C6C9-465F-B21D-6D89A4335352}" = protocol=17 | dir=in | app=c:\users\user 1\appdata\roaming\mjusbsp\magicjack.exe |
"{07FB4D73-0669-4077-B6B3-006DF8F89666}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{0C544971-683F-4288-AD4E-382DD2F0B062}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{18B52118-059E-46B7-B3FA-5C12984E6DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{1CA73980-F81D-42C2-B32B-0F27C62E8A26}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E185594-48CD-4D02-9623-A2DC807A1C13}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{20F4F68A-5BAF-4022-91BE-CBBFE0B381F7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{2B481661-458D-45F8-9E1D-A3164968A615}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{2E3B73D6-AC53-4904-97A0-02BB6AF8AD1A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3C19DED6-46F3-4238-A54F-B4C3720F369B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F5CE00A-A68C-48F3-8344-CB2A6F360024}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{4649413E-94BD-4D12-B1B1-0E25082F31E0}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow.exe |
"{4899C267-E411-4DF7-A149-915EFC158B32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{4954450C-AB34-4AC6-B7A3-DB693E843425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C436BFE-501A-4968-8C70-D0C314E4CC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{50118E49-F479-4BB4-AA07-861007CE981C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{54896F8D-8194-4DD4-9AD9-F6F9E79596C1}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{55B657ED-4634-4238-AFE7-DE83CC5F84E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{575E9073-31F2-435D-A011-7AB6A8CF03D0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58009181-1CAE-4D34-9E1E-D6525D906280}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{58504A4E-7EB8-47DF-9E0E-C49CAF72FE8F}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{5C1BEA9C-3698-4886-A82C-9355C9205D7B}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{5D55D7DB-5EA0-4CA3-82A6-371697D5C877}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{66B054D4-26D3-4A0E-AEA3-8233830F84D1}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{676B3DCA-FD32-4362-BEAA-BDB453AA5462}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"{68924335-F39D-4BA2-BD90-D443B5DFB186}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{69C410C7-B470-4BC5-8632-A1D448342E44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{6B1E6848-10FC-40A8-B740-B3C91F984398}" = protocol=17 | dir=in | app=c:\users\user 1\downloads\utorrent.exe |
"{6CB5E5F0-BF7F-49D2-97F4-46D6126CEE2C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6CBD3052-7169-46F3-A67D-19A5CE29EF6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D08E1B6-04BA-4A29-8342-4D29A951B5C7}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{6E8D354A-FFC8-4517-A3B3-F729C1E89486}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6F1A7A04-AA86-4233-82A4-50925658472D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow.exe |
"{6FE96DB0-9718-4326-B214-4F582B828225}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe |
"{78EE0B2B-D862-49C6-BB0C-4A7A0B110E2E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{796CB195-2C01-4525-B276-CA63BDCD2886}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C1E5EF8-715D-4B16-A7AD-489D4DA6A4FA}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{7E470E9B-43C5-476B-BDFC-9EFCC86629F3}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{7E9C0FA9-A3FA-4317-A9FA-7A146731AC25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{819CE24F-8DCE-42A2-B73C-7BCD98C272AE}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{83507550-9EBB-4827-88C1-3C8C4B3C82D2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{84655CEC-338C-4EEC-8347-3A9AFC60B68D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe |
"{8E94345C-8B7E-48C0-8E34-B6E37AB01340}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{914B99CF-34A6-4552-BD4D-9F7B692E18CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9695534F-AEB6-4F0F-BF26-BE24BAA7B020}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{975B4F74-A0E7-45C1-BCF7-268EC901B842}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{99E0B211-12B0-4966-AE08-D28BAFFC04FE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{A62D8F54-98B3-4C97-909B-D717876AE2B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{A6304B87-A84B-40E3-B907-AAEEAB05DB56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}" = protocol=6 | dir=in | app=c:\users\user 1\downloads\utorrent.exe |
"{A7D2A1A6-BAB4-4331-9F3D-469DF0D13CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AB59D384-352F-4E7D-B150-B57E78F902A5}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{AE47AF00-3293-4E22-9949-40F98ABD4AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B129538B-10EA-4433-9219-7B9A44E95556}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC41FE39-DA3C-4FDE-9786-D69E49D1AAC6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{C2B836CF-24D7-4074-9980-5EBE5500738D}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{C428D2DC-8065-492F-B2AD-F2286B9888F5}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C4CFDBC4-52FC-45BB-99C1-B9689369705E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{CE6C7BFB-D922-4126-9071-C36042A457BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{CF113C36-5A50-4236-BB9E-B5636EC5CE28}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{CFC420E1-C3D2-43CF-8212-9475A5F373C8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D398DBD0-5C83-4B73-B263-6AAE9AAF8EBA}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{D61168D8-1000-4E4A-874C-62FB24CED83F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{D6433413-8243-4EED-A31A-3CD8D531701D}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{DA5A6671-6334-4021-9082-F254EEC13C4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAAB6932-FA53-4DC9-93B0-A2A30B966534}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"{DC0FA12C-8440-4A7D-9B2D-3E69B3A48E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DE83C026-77EA-45EF-9EBC-A41810E2EBF6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E0BA9B43-9120-42A1-8294-1ADD24BFA934}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E1F4064D-17FD-4F5D-A0D1-5423FF50A4B2}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{E3E5E284-38C3-4752-8229-7ACA0D69A2AA}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{E4A28655-522C-4504-9E4C-77F2692B7BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{E4FE2AB9-7450-40AE-A65F-5659C52A3D77}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{E7687FE5-4E26-485C-932C-C217A663AE27}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{EE971B15-4135-431E-9B63-43F705660766}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F71D0D21-AF06-4172-8E57-81DD0EBBD6DD}" = protocol=6 | dir=in | app=c:\users\user 1\appdata\roaming\mjusbsp\magicjack.exe |
"{F8207626-6BF6-4AAA-BBDE-903F6D447CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{FAB8237A-0F73-4FD8-8392-4D8DFAE94D86}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{FBD0BE0F-A924-4211-9491-B09EC1FF3A93}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{FD7F56AC-A984-4BEF-818C-8CF700AD741E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FF1CDC77-2DCF-445F-9FEE-03F98896BB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"TCP Query User{0501A21E-0321-4EFD-9537-FFEB1D23BC92}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"TCP Query User{0FC6C907-68DB-4960-AF58-9808D57E9EE3}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"TCP Query User{147C1228-107E-4C3D-AC7C-0850F7F39B0F}C:\arcemu\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\arcemu\database\bin\mysqld-nt.exe |
"TCP Query User{19C2D545-924B-416D-845D-D9DC89191503}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{20AAD504-C4BB-4540-9BB2-958ADCFA90CC}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{376BCFCE-5F2E-4586-AB71-40319062233B}C:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{43B0DE91-8805-4B6A-A17B-2CA71003E904}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{45249871-3C06-40BB-99BF-840B5CBFF3A7}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"TCP Query User{49FF4ACA-4820-43FA-B128-5D0FC3894546}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{54ABEC19-6FD5-485E-921B-FC601656AEBB}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{675AAC1B-D814-4F05-B619-279B4DB50673}C:\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\arcemu\arcemu-logonserver.exe |
"TCP Query User{84A01C05-E6A7-46C9-9728-D847919469E0}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{8AFDC63D-E395-4C10-8515-266C6032A0A1}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{8BDF7249-F4B6-4EF4-B2EB-575B747FF314}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{978B7816-BD98-4F56-92D4-5CC385CC6CF0}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"TCP Query User{A6E3BE5D-AB42-4311-BCA9-906008A0006A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{BA6E1E25-8621-4775-911B-D6153A128F95}C:\program files (x86)\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"TCP Query User{BCF87D14-E611-49F0-8A18-596B9EFA8F0D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{BF625C2D-8C51-423D-B478-4307C3204DA4}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C09A775D-35C8-4A71-ACE7-03284B43FB76}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{CE7C99B3-2022-442E-9F07-D02BA2E1201F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{D94A3C73-BE4E-4BD2-A4D0-9C156BFAE9F0}C:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe |
"TCP Query User{F5615160-D567-4E67-AD6A-8E7A53D9E2CA}C:\3.0.3 server\emu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\3.0.3 server\emu\arcemu-world.exe |
"TCP Query User{F7560A03-873B-4159-926B-30072C8AC39C}C:\3.0.3 server\emu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\3.0.3 server\emu\arcemu-logonserver.exe |
"TCP Query User{FB3EAD38-FD18-475C-AD3A-8E9CCE7CFFEA}C:\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\arcemu\arcemu-world.exe |
"UDP Query User{0CD2DD1F-71CE-4DDF-AEA9-48C01588370B}C:\program files (x86)\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"UDP Query User{0CEF974C-82F8-4007-816B-075053BCFF00}C:\3.0.3 server\emu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\3.0.3 server\emu\arcemu-world.exe |
"UDP Query User{170E6C4E-90F7-4D82-A22C-A5545A1C7FE1}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{19D46B13-9A09-4A8B-BEEC-2A148A29F3F0}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{2B213CB0-B581-4F3C-B1FA-792E66EDF511}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{34B287E1-DB97-4D99-B115-BAB5EC3F280C}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{4A22DA1E-99F5-4422-BA1A-282100CFAAB3}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{4E3FA7C9-86A8-4F36-953B-02099F2040E9}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{4F9A46E0-29D0-4D4A-99D7-7B749E1A21EA}C:\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\arcemu\arcemu-world.exe |
"UDP Query User{77E5A5A1-2646-4D53-A8DD-875A24E83019}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{79123890-A21D-4A5E-B81C-B80E5CB3111E}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{7A6F07AB-8F35-4178-B62D-970945B45282}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{8C4F9592-7993-4A56-9295-392F311821B9}C:\3.0.3 server\emu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\3.0.3 server\emu\arcemu-logonserver.exe |
"UDP Query User{9C68DDD3-18A4-4473-B3DC-2BF8486803E2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A46F9ED7-FFFF-47E4-8739-97824A457D5A}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"UDP Query User{AD25A759-E0B2-4A55-9B33-988A17689F67}C:\arcemu\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\arcemu\database\bin\mysqld-nt.exe |
"UDP Query User{ADE7F007-D4FA-4629-95E9-B2CBB0413038}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"UDP Query User{C1ACC2AE-0B44-4511-B380-241EDAB0FA06}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{CB7DA737-8732-4B2B-ABEE-A1B6D98548E9}C:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{CC5C8479-928D-4DB2-AEB5-2269194BB01F}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"UDP Query User{CCDA7340-452A-415D-B608-E2988DF7170A}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"UDP Query User{D5ED75BD-6D94-4560-BDDF-448400D68B4F}C:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe |
"UDP Query User{E228C3C2-3C46-449C-B017-BF59FCBE880B}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{EAADF40D-733D-4A90-88BC-3FF6339C382B}C:\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\arcemu\arcemu-logonserver.exe |
"UDP Query User{EDC109CB-2865-4D06-9289-772A77E13975}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2E24D722-06C0-4315-BC57-7C9CD2F6179E}" = Vista Manager
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{01D76D8E-A496-4870-8357-87C6D2B5E807}" = MySQL Server 5.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM_7" = AIM 7
"ALSee_is1" = ALSee
"ALUpdate_is1" = ALTools Update
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Collab" = Collab
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DC-Bass Source" = DC-Bass Source 1.1.1
"Demigod" = Demigod
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eqpcpcyydhhaueen" = Performance Solution Hotrevenue
"ezLife" = ezLife browser enhancer
"FL Studio 8" = FL Studio 8
"HaaliMkx" = Haali Media Splitter
"hon" = Heroes of Newerth
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL
"RealMedia" = RealMedia (remove only)
"RegRun Security Suite_is1" = RegRun Security Suite Standard
"Runic Games Torchlight" = Torchlight
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10150" = Prototype
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WhatPulse" = WhatPulse 1.6.2.1
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/17/2009 3:24:02 AM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\riched20.dll failed, 00000005.

Error - 11/3/2009 4:32:49 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User 1\AppData\Local\Adobe\Updater5\Install\versioncueclient3\VC_client_310_1.exe
failed, 00000005.

Error - 12/8/2009 11:41:31 AM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\AIM\plds4.dll failed, 00000005.

Error - 1/27/2010 12:57:56 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\WriteMiniDump.exe failed, 00000005.

Error - 3/3/2010 4:58:55 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\dbghelp.dll failed, 00000005.

Error - 3/17/2010 2:12:33 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
failed, 00000005.

Error - 3/17/2010 2:12:41 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SysWOW64\mfc42u.dll failed, 00000005.

Error - 4/7/2010 11:09:34 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User 1\AppData\Roaming\Microsoft\Office\Recent\seminar.LNK failed, 00000026.


Error - 4/24/2010 12:48:11 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\SteamApps\common\dawn of war 2\WorldBuilder.exe failed,
00000005.

Error - 4/25/2010 1:31:43 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\SteamApps\common\dawn of war 2\ChaosRisingGDF.dll
failed, 00000005.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Hi again,

It seems your Adobe product isn't a legit one. That's why I have to request you to uninstall Adobe CS3 and CS4 related programs.


Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4 - HKLM..\Run: [vsvoczrnnqhsbpb] C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll ()
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O20 - AppInit_DLLs: (hiwazedo.dll) - File not found
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
    O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{50118E49-F479-4BB4-AA07-861007CE981C}"=-
    "{68924335-F39D-4BA2-BD90-D443B5DFB186}"=-
    "{6B1E6848-10FC-40A8-B740-B3C91F984398}"=-
    "{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}"=-
    :Files
    C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206
    C:\Windows\tasks\At9.job
    C:\Windows\tasks\At8.job
    C:\Windows\tasks\At7.job
    C:\Windows\tasks\At6.job
    C:\Windows\tasks\At5.job
    C:\Windows\tasks\At4.job
    C:\Windows\tasks\At3.job
    C:\Windows\tasks\At24.job
    C:\Windows\tasks\At23.job
    C:\Windows\tasks\At22.job
    C:\Windows\tasks\At21.job
    C:\Windows\tasks\At20.job
    C:\Windows\tasks\At2.job
    C:\Windows\tasks\At19.job
    C:\Windows\tasks\At18.job
    C:\Windows\tasks\At17.job
    C:\Windows\tasks\At16.job
    C:\Windows\tasks\At15.job
    C:\Windows\tasks\At14.job
    C:\Windows\tasks\At13.job
    C:\Windows\tasks\At12.job
    C:\Windows\tasks\At11.job
    C:\Windows\tasks\At10.job
    C:\Windows\tasks\At1.job
    C:\Program Files (x86)\187560.dat
    C:\Windows\SysWow64\mesideke
    C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
    C:\Users\User 1\AppData\Local\Do6pd
    C:\ProgramData\Do6pd
    C:\Users\User 1\AppData\Local\KLry0l
    C:\ProgramData\KLry0l
    C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
    c:\program files (x86)\utorrent
    c:\users\user 1\downloads\utorrent.exe
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded Java setup file to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report.
 
Fixed with OTL, Updated Java and Ran ATF
Waiting on Kaspersky Scanner to finish...

Just wondering, do you want me to do another OTL scan and post the logs or just post the log from the fix?

I'll check this again tomorrow afternoon and post all the logs you need.
 
OTL Fix Log

This is only the fix logs, hopefully it's what you needed.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vsvoczrnnqhsbpb deleted successfully.
C:\Windows\SysWOW64\pxdbmdsqgpfnqf.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:hiwazedo.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe\ deleted successfully.
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\ deleted successfully.
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50118E49-F479-4BB4-AA07-861007CE981C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50118E49-F479-4BB4-AA07-861007CE981C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68924335-F39D-4BA2-BD90-D443B5DFB186} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68924335-F39D-4BA2-BD90-D443B5DFB186}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B1E6848-10FC-40A8-B740-B3C91F984398} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B1E6848-10FC-40A8-B740-B3C91F984398}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A71E9940-D481-45CD-BBD1-29D5A9ABA38C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}\ not found.
========== FILES ==========
C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206 folder moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Program Files (x86)\187560.dat moved successfully.
C:\Windows\SysWow64\mesideke moved successfully.
C:\Windows\SysWow64\eqpcpcyydhhaueen.exe moved successfully.
C:\Users\User 1\AppData\Local\Do6pd moved successfully.
C:\ProgramData\Do6pd moved successfully.
C:\Users\User 1\AppData\Local\KLry0l moved successfully.
C:\ProgramData\KLry0l moved successfully.
File\Folder C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll not found.
c:\program files (x86)\uTorrent folder moved successfully.
File\Folder c:\users\user 1\downloads\utorrent.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 33096 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3389016 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User 1
->Temp folder emptied: 95361124 bytes
->Temporary Internet Files folder emptied: 64009471 bytes
->Java cache emptied: 85435350 bytes
->FireFox cache emptied: 39453621 bytes
->Google Chrome cache emptied: 6360256 bytes
->Flash cache emptied: 334240 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 52539 bytes

Total Files Cleaned = 281.00 mb


OTL by OldTimer - Version 3.2.4.0 log created on 05032010_160852

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
C:\Users\User 1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4b9a814362279CAYVKRXL.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4b9a81cc7dc85CAB1G0PJ.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4bcf48bbcdc9b[10].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4V59SGI\4b9a8176e55b9CA0EJ5S5.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\4bd71e0978b46CAN0T2BE.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\4bdaed56e1297CA44EBZS.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[3] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[4] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[5] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[6] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[7] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[8] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[9] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\101ktm[1].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\4bd7046747fd2[3].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\4bd9d59c13d44[5].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\4bd7046747fd2CATV5JMH.htm moved successfully.
File move failed. C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\CAUAS5F9CA1J270ACADPG4HQCADROMIMCAMFC4MOCA6ABX23CAC1NCUUCALX1OSDCAFM25ZXCA1Q9Q46CAMUC4KFCALF8LK2CAUUBL3CCAT1KP10CANNTFVZCAKD8R1OCA6SDRWGCA8CV43UCA8X84A4CABV0NNM scheduled to be moved on reboot.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st[10] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st[11] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PS1JO5R\4b9a81cc7dc85[8].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PS1JO5R\4bd86ecfbc551CAR5OPVY.htm moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
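As an added example for this thread (not something the helper or the OTL tool produced), the PowerShell script below re-reads the persistence and tamper locations that the fix log above touched, so the owner can confirm after the reboot that nothing came back. The registry paths are standard Windows locations; the specific names it mentions in comments (vsvoczrnnqhsbpb, hiwazedo.dll, MpCmdRun.exe, msseces.exe, the At*.job files) are taken from the log, nothing else is assumed. Run it from an elevated PowerShell prompt; it only reads and prints, it does not delete anything.

```powershell
# Added example (not part of this thread): read-only check of the locations
# the OTL fix cleaned, run after reboot to confirm the fix held.
# On 64-bit Windows both the native and the Wow6432Node (32-bit) views are read,
# because the infected files in the log lived in SysWOW64.
$views = @('SOFTWARE', 'SOFTWARE\Wow6432Node')

foreach ($view in $views) {

    # Image File Execution Options: a "Debugger" value makes Windows launch that
    # value instead of the named program. The log removed keys for MpCmdRun.exe and
    # msseces.exe (Microsoft security tools), i.e. the infection used this to block them.
    $ifeo = "HKLM:\$view\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
    if (Test-Path $ifeo) {
        Get-ChildItem $ifeo | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [PSCustomObject]@{ View = $view; Check = 'IFEO Debugger'; Item = $_.PSChildName; Value = $dbg }
            }
        }
    }

    # AppInit_DLLs: every DLL listed here is loaded into each process that links
    # user32.dll. The log removed hiwazedo.dll from it; a clean system normally has it empty.
    $winNT = "HKLM:\$view\Microsoft\Windows NT\CurrentVersion\Windows"
    $appinit = (Get-ItemProperty -Path $winNT -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    [PSCustomObject]@{ View = $view; Check = 'AppInit_DLLs'; Item = '(global)'; Value = $appinit }

    # Run values: the log removed a random-looking one (vsvoczrnnqhsbpb). Print every
    # value so anything pointing into SysWOW64 with a nonsense name stands out.
    $run = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path $run) {
        $props = Get-ItemProperty -Path $run | Select-Object -Property * -ExcludeProperty PS*
        $props.PSObject.Properties | ForEach-Object {
            [PSCustomObject]@{ View = $view; Check = 'Run'; Item = $_.Name; Value = $_.Value }
        }
    }
}

# At*.job files are legacy scheduler jobs created with at.exe; the log moved At1 to At24.
# A home machine should have none of these after the fix.
Get-ChildItem "$env:windir\Tasks" -Filter 'At*.job' -ErrorAction SilentlyContinue | ForEach-Object {
    [PSCustomObject]@{ View = 'n/a'; Check = 'At job'; Item = $_.Name; Value = $_.LastWriteTime }
}
```

Anything the script lists under IFEO Debugger or AppInit_DLLs, or any At*.job file, is worth pasting into the reply for the helper; an empty AppInit_DLLs value and no IFEO entries for security tools is the expected clean result.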
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 3, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 03, 2010 16:59:46
Records in database: 4038720
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\

Scan statistics:
Objects scanned: 234522
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:00:03

No threats found. Scanned area is clean.

Selected area has been scanned.
 
Hi,

Please post a fresh OTL log too. Also, update MBAM database and run a quick scan with it. Post back the report. How's the system running?
 