Want to check my system the right way

jim45682 · Nov 20, 2010

new OTL scan log

OTL logfile created on: 11/20/2010 6:15:51 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 101.87 Gb Free Space | 34.17% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdm_device) -- C:\Windows\SysNative\lxdmcoms.exe ( )
SRV:64bit: - (lxdmCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (lxdm_device) -- C:\Windows\SysWow64\lxdmcoms.exe ( )

========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (p17filtx) -- C:\Windows\SysNative\drivers\p17filtx.sys (Sensaura)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 02:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/01 12:26:30 | 000,000,000 | ---D | M]

[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/07 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/17 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/19 09:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/01 08:42:06 | 000,638,464 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010/11/19 20:17:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Tensons.Application.DownloadAcceleratorManager.BHO) - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files (x86)\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.DLL ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/J...05/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.atomicmods.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\untitled.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

jim45682 · Nov 20, 2010

/04/16 22:33:31 | 000,192,464 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/04/16 22:33:31 | 000,063,204 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40bf6040-e7cd-11df-b939-806e6f6e6963}\Shell\AutoRun\command - "" = J:\kochstart\kochstart.exe -- File not found
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell - "" = AutoRun
O33 - MountPoints2\{8425e4fb-161e-11df-b4e1-001d600c0762}\Shell\AutoRun\command - "" = N:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (ettings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\O\Shell) - File not found
O34 - HKLM BootExecute: (nts2\N\S) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 14:19:42 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup44.exe
[2010/11/20 12:42:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/19 20:09:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/19 20:07:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2010/11/19 14:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/13 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/13 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/11 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMP Tag Plus
[2010/11/11 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2010/11/11 03:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/11 03:07:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/09 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Fallout3
[2010/11/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/11/09 19:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/09 10:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraiins.dll
[2010/11/08 22:31:12 | 000,402,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvraidco.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoPtb.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoIt.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFr.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEsm.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEs.dll
[2010/11/08 22:31:12 | 000,018,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDe.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoSv.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoRu.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNo.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoNl.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoFi.dll
[2010/11/08 22:31:12 | 000,018,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoDa.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoENU.dll
[2010/11/08 22:31:12 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoEng.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoKo.dll
[2010/11/08 22:31:12 | 000,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoJa.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZht.dll
[2010/11/08 22:31:12 | 000,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvRCoZhc.dll
[2010/11/08 21:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 21:56:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 21:56:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 21:56:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/07 20:46:42 | 000,017,640 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\ROBoot64.exe
[2010/11/07 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/07 19:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/11/07 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/11/07 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2010/11/07 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/11/07 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/11/07 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/11/03 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSilver
[2010/11/03 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/11/03 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2010/11/02 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Star Ruler
[2010/11/02 22:07:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/02 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Ruler
[2010/10/31 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010/10/31 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/29 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/10/29 11:16:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Games
[2010/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sunbelt Software
[2010/10/29 10:50:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/29 01:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2010/10/29 00:14:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OsmosDemo
[2010/10/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/10/29 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OsmosDemo
[2010/10/27 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\wallpapers and junk
[2010/10/27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mioObjects
[2010/10/27 23:27:52 | 000,061,440 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proactive Information Corporation
[2010/10/27 23:25:44 | 000,000,000 | ---D | C] -- C:\Windows\3D Ocean Lite
[2010/10/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Butterfly
[2010/10/27 23:16:40 | 000,792,298 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bear Celebrates Free Screensaver
[2010/10/27 23:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FullScreensavers.com
[2010/10/27 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaversPlanet.com
[2010/10/27 23:07:22 | 001,057,280 | ---- | C] (7art-screensavers.com) -- C:\Windows\Moon Clock.scr
[2010/10/27 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7art
[2010/10/27 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeStone Group
[2010/10/27 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2010/10/27 17:14:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/10/27 17:14:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/10/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/10/27 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/10/27 16:07:09 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/10/27 16:07:09 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/10/27 16:07:09 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/10/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/10/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/27 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/26 18:10:10 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 18:10:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 18:10:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 18:10:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 18:10:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 18:10:06 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/22 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2010/10/22 11:57:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2008/11/09 19:36:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
[2008/11/09 19:36:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
[2008/11/09 19:36:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
[2008/11/09 19:36:34 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
[2008/11/09 19:36:33 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
[2008/11/09 19:36:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
[2008/11/09 19:36:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
[2008/11/09 19:36:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
[2008/11/09 19:36:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
[2008/11/09 19:36:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 18:16:35 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/20 18:16:35 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/20 18:16:34 | 000,802,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/20 18:13:59 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 18:13:06 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/20 18:13:05 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/20 18:09:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 18:09:12 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:09:11 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 18:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/20 18:01:43 | 000,000,328 | ---- | M] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat
[2010/11/20 17:54:00 | 000,000,598 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job
[2010/11/20 17:48:43 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FE5C40A-E355-489E-B912-307BFB235DDC}.job
[2010/11/20 17:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/20 14:19:52 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup44.exe
[2010/11/20 04:52:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/19 14:49:43 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/19 14:48:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/17 08:51:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/17 07:44:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/17 07:43:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/16 09:55:01 | 000,000,769 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010/11/13 17:20:06 | 000,004,035 | ---- | M] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/11 16:12:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/11 16:12:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/11 16:12:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/11/11 16:12:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/11/08 21:51:27 | 000,000,877 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/07 20:55:00 | 005,378,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 20:52:29 | 000,002,088 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/05 15:34:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 20:56:46 | 000,012,288 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 00:00:13 | 000,000,124 | ---- | M] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 11:08:29 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/10/29 10:50:53 | 000,001,073 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | M] () -- C:\Windows\vtmb.ini
[2010/10/27 23:43:36 | 000,000,130 | ---- | M] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:30:24 | 000,359,431 | ---- | M] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:16:40 | 000,792,298 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\catsplay.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | M] () -- C:\Windows\unins000.dat
[2010/10/27 15:55:07 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/10/24 12:11:02 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 18:13:52 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 18:01:43 | 000,000,328 | ---- | C] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat
[2010/11/19 14:49:38 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/13 17:20:06 | 000,004,035 | ---- | C] () -- C:\Users\Administrator\Documents\Attach.zip
[2010/11/13 16:53:12 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 12:21:00 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-SystemCleaner.job
[2010/11/13 12:20:28 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryCleaner.job
[2010/11/13 12:19:55 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ASO-DiskOptimizer.job
[2010/11/13 12:18:44 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2010/11/09 19:28:16 | 000,028,089 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/09 19:28:10 | 000,033,634 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3install.txt
[2010/11/09 19:28:10 | 000,000,604 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx3error.txt
[2010/11/07 20:46:42 | 000,002,088 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2010/11/07 19:17:21 | 000,001,019 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010/11/07 19:11:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2010/11/07 19:11:46 | 000,000,877 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2010/11/04 00:00:13 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\Documents\ax_files.xml
[2010/11/03 23:42:56 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/11/03 23:35:00 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/02 22:07:58 | 000,417,272 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI079C.txt
[2010/11/02 22:07:54 | 000,014,792 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI079C.txt
[2010/10/29 10:50:53 | 000,001,073 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/29 01:36:15 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/10/27 23:43:24 | 000,000,130 | ---- | C] () -- C:\Windows\waterfalls.ini
[2010/10/27 23:39:54 | 003,446,272 | ---- | C] () -- C:\Windows\Light Driver 2.stg
[2010/10/27 23:39:54 | 000,794,624 | ---- | C] () -- C:\Windows\Light Driver 2.scr
[2010/10/27 23:39:54 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/10/27 23:30:25 | 000,359,431 | ---- | C] () -- C:\Windows\SysWow64\mioengine.exe
[2010/10/27 23:27:52 | 000,474,431 | ---- | C] () -- C:\Windows\SysWow64\Realtime Weather Screen Saver 4.02.scr
[2010/10/27 23:25:45 | 000,000,081 | ---- | C] () -- C:\Windows\3d-ocean-homepage.url
[2010/10/27 23:25:44 | 001,719,808 | ---- | C] () -- C:\Windows\Fantastic Ocean 3D Lite.scr
[2010/10/27 23:15:13 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\bearfree.scr
[2010/10/27 23:12:41 | 000,001,676 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/27 16:29:18 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/27 16:29:17 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/27 16:01:23 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/24 12:11:02 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/24 12:11:02 | 000,002,009 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/22 14:15:19 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 08:26:30 | 000,367,906 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7843.txt
[2010/10/13 08:26:29 | 000,012,210 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7843.txt
[2010/06/23 11:10:13 | 000,374,670 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46AF.txt
[2010/06/23 11:10:13 | 000,011,426 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46AF.txt
[2010/05/13 23:52:07 | 000,003,072 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\HFO27 Pref
[2010/05/13 23:52:05 | 000,000,035 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\hfo26id
[2010/03/03 22:51:33 | 000,001,615 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 13:48:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/26 04:58:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/26 04:57:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 23:04:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/24 22:10:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/04/26 21:04:25 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\install_log.dat
[2009/02/13 10:59:25 | 000,000,077 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2008/11/26 20:16:36 | 002,783,026 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI3889.txt
[2008/11/26 20:14:36 | 000,199,947 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/26 20:14:32 | 000,175,458 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2008/11/26 20:14:32 | 000,005,902 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2008/11/26 20:14:32 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/11/09 19:36:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
[2008/11/09 19:36:35 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
[2008/10/25 13:17:57 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 16:20:55 | 000,000,616 | ---- | C] () -- C:\Windows\SysWow64\Warlords4Editor.ini
[2008/06/02 17:23:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/07 14:22:05 | 000,012,288 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 22:24:57 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/04/23 22:24:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/04/23 22:05:51 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/04/23 18:28:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/04/23 17:47:24 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\Ludap17.ini
[2008/04/23 17:38:28 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 15:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/03/17 18:11:56 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\P17.DLL
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2003/10/02 20:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P17CPI.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP

3A89E47
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EDED3240
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68B61847
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE459B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C5A503E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3F2F06F2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5D2892D9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA60673F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP

1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CC2686CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F036C20D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:96CC3FEF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8160BC44
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B894C266

< End of report >

ken545 · Nov 21, 2010

:bigthumb:

How are things running now ?

jim45682 · Nov 21, 2010

seems to be running smoothly, think the system is clear and safe?

ken545 · Nov 21, 2010

Yep, looks good. OTL didn't find the item to remove because Malwarebytes did and removed it.

You can open OTL and click on the cleanup feature and it will remove a lot of the not needed tools we used to clean your system along with there backups.

Malwarebytes is the free version and yours to keep.

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

jim45682 · Nov 21, 2010

Ok thanks for your help Ken

ken545 · Nov 21, 2010

Your very welcome

Ken

ken545 · Nov 26, 2010

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Want to check my system the right way

jim45682

New member

jim45682

New member

ken545

Emeritus-Security Expert

jim45682

New member

ken545

Emeritus-Security Expert

jim45682

New member

ken545

Emeritus-Security Expert

ken545

Emeritus-Security Expert