Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Been highjacked

Post by tin1 » January 31st, 2010, 2:38 pm

Hi, I downloaded and released a virus that won't quit. I think it was an antivirus 2010 with helpers. Can only start in safe mode; system restore is dead. When I remove the virus it returns. Thanks for any help.
I was able to install an Anti Malware program which got my registry unlocked, and I was able to get my system restore to work. I am back. Below is the new log file; please check and let me know if all is good and any recommendations. Thanks, Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:19 PM, on 2/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [userinit] C:\Users\Mike\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7019 bytes

ACDSee Pro 3
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
All My Movies 5.6
Any Video Converter Professional 2.7.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
Bluesoleil 6.2.227.11
Bonjour
Borderlands
CanoScan Toolbox Ver4.1
CDDRV_Installer
Chicken Invaders 3
CloneDVD2
C-Media PCI Audio Device
Coupon Printer for Windows
DFX for Winamp
DFX for Windows Media Player
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EA SPORTS online 2008
EPSON Printer Software
Forté Agent
Helium Music Manager 7 (build 7856)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICatch (VI) PC Camera
iTunes
James Cameron's AVATAR(tm): THE GAME
KhalInstallWrapper
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA PhysX v8.10.29
PackPal Mp3 Ringtone Maker
PC Connectivity Solution
Popcap Game Collection
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Serious Sam HD The First Encounter
Skype web features
Skype™ 4.1
Star Trek D-A-C
Star Trek Elite Force II
Super Internet TV v7.4
Super Internet TV v8.0 (Free Edition)
Symantec AntiVirus
Tiger Woods PGA TOUR 08
TuneUp Utilities
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vampire Hunter
VC80CRTRedist - 8.0.50727.4053
Winamp
WinAVI Video Converter
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.2 final uninstall
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Post by shinybeast » February 7th, 2010, 10:47 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run; they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.
NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)

I will have further instructions once they get approved.

If you still need help, would you please answer a couple of questions for me?
Is Symantec Anti-virus up to date?
Is this computer used for personal or business work?
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Post by tin1 » February 8th, 2010, 12:23 am

Hi shinybeast, thanks for your help. This is my home computer and Symantec Anti-virus is up to date. Malwarebytes' Anti-Malware has been finding the same registry error after deleting it. I'll put in

Malwarebytes' Anti-Malware 1.44
Database version: 3699
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/7/2010 9:12:16 AM
mbam-log-2010-02-07 (09-12-16).txt

Scan type: Quick Scan
Objects scanned: 112132
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm
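
The HijackThis log earlier in this thread lists a per-user Run value named userinit that points into AppData\Roaming, and the Malwarebytes log above flags that same Run value. As an added example (not part of the original posts, and not a feature of HijackThis or Malwarebytes), the sketch below parses O4 lines and flags autostart entries using two heuristics that are assumptions chosen here: the target sits in a user-writable profile directory, or the value name imitates a Windows component. The names `parse_o4`, `triage`, `USER_WRITABLE` and `SYSTEM_LOOKALIKES` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 (autostart) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [userinit] C:\Users\Mike\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# Registry autostart line: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Program part of a command line: a quoted path, or the text up to the first
# executable-looking extension (unquoted paths may contain spaces).
PROGRAM = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl|com|scr|bat))(?=[\s,]|$)', re.IGNORECASE
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\temp\\",
                 "%appdata%", "%temp%", "\\users\\public\\")
# Assumption: value names that mimic Windows components. The genuine Userinit
# setting is a value under the Winlogon key, not an entry under a Run key.
SYSTEM_LOOKALIKES = {"userinit", "winlogon", "explorer", "svchost",
                     "lsass", "csrss", "services"}


@dataclass
class Entry:
    hive: str    # e.g. HKLM, HKCU, HKUS\S-1-5-19
    key: str     # e.g. Run
    name: str    # registry value name shown in [brackets]
    target: str  # program the entry launches


def parse_o4(log_text):
    """Return the registry-based O4 entries; other O4 forms are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if not m:
            continue  # e.g. "O4 - Global Startup: ..." shortcut entries
        cmd = m["cmd"]
        p = PROGRAM.match(cmd)
        target = (p.group(1) or p.group(2)) if p else cmd.split()[0]
        entries.append(Entry(m["hive"], m["key"], m["name"], target))
    return entries


def triage(log_text):
    """Return (entry, reasons) pairs for entries that match a heuristic."""
    findings = []
    for e in parse_o4(log_text):
        reasons = []
        if any(part in e.target.lower() for part in USER_WRITABLE):
            reasons.append("target in user-writable directory")
        if e.name.lower() in SYSTEM_LOOKALIKES:
            reasons.append("value name imitates a Windows component")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.target}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that give only a bare file name, such as DevDetect.exe, are not flagged because the log alone does not say which directory they resolve to.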

Re: Been highjacked

Post by shinybeast » February 8th, 2010, 12:07 pm

Hi tin1,

Thanks for the info.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I suggest you disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of backdoor trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I cannot guarantee that it will be secure afterwards.
However, if you do not have the resources to reinstall your operating system and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Post by tin1 » February 8th, 2010, 5:09 pm

Hi, this PC is not used for banking or credit card use. It's used for games, internet and some email. Is there any way to remove this virus?
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Post by shinybeast » February 8th, 2010, 9:48 pm

Hello tin1,

"Is there any way to remove this virus?"

Sure, we'll give it a go. First, one more scan...


Scan with OTL

Click here to download OTL by OldTimer and save it to your Desktop
  • Close all other open windows, then double-click the OTL icon to start the tool.
  • Under Output, ensure that Minimal Output is selected
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two logs will open:
    OTL.Txt <-- Will be opened
    Extras.Txt <-- Will be minimized
  • Please post the contents of these two logs in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Post by tin1 » February 9th, 2010, 10:47 am

Hello shinybeast, I really appreciate your help, thanks.

OTL logfile created on: 2/9/2010 9:18:45 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 256.87 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 698.46 Gb Total Space | 301.96 Gb Free Space | 43.23% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCTCore) -- File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100207.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100207.006\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ssecmdm) -- C:\Windows\System32\drivers\ssecmdm.sys (MCCI Corporation)
DRV - (ssecmdfl) -- C:\Windows\System32\drivers\ssecmdfl.sys (MCCI Corporation)
DRV - (ssecbus) Samsung Mobile Modem Device driver (WDM) -- C:\Windows\System32\drivers\ssecbus.sys (MCCI Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 D0 19 25 58 A6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 09:14:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 09:14:40 | 000,000,000 | ---D | M]

[2009/10/03 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/02/08 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(403)
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\esnipesnipeit@esnipe(400).com
[2009/10/18 10:47:29 | 000,002,217 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\searchplugins\askcom.xml
[2010/02/08 10:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/07 21:32:27 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/01/15 07:49:34 | 000,000,925 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [userinit] C:\Users\Mike\AppData\Roaming\sdra64.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/31 10:17:59 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/08/06 13:48:04 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4ee92822-b116-11de-8ad1-001aa06d2a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{4ee92822-b116-11de-8ad1-001aa06d2a7b}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{d3213677-b05f-11de-bc19-001aa06d2a7b}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- [2008/06/19 12:46:02 | 001,760,476 | ---- | M] (Western Digital Corporation )
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- [2008/06/19 12:46:02 | 001,760,476 | ---- | M] (Western Digital Corporation )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/11/27 11:33:02 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/02/08 10:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Visual Studio 2005
[2010/02/07 14:34:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/07 14:02:13 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/02/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\extras
[2010/02/07 09:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/07 09:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/06 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\NPS
[2010/02/06 20:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/02/06 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\PC Suite
[2010/02/06 20:45:11 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2010/02/06 20:44:43 | 000,114,304 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdm.sys
[2010/02/06 20:44:43 | 000,086,528 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecbus.sys
[2010/02/06 20:44:43 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdfl.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwhnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwh.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccmnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccm.sys
[2010/02/06 20:43:55 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/02/06 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My NPS Files
[2010/02/06 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/02/06 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\TurboTax
[2010/02/06 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intuit
[2010/02/06 08:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/02/06 08:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/02/06 08:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\IsolatedStorage
[2010/02/06 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/02/06 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/02/04 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/04 21:18:41 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/02/04 21:18:40 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/02/04 21:18:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/02/04 21:18:10 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/02/04 21:18:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/02/04 21:18:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/02/04 21:18:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/02/04 21:18:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/02/04 21:18:08 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/02/04 21:18:08 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/02/04 21:18:08 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/02/04 21:18:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/02/04 21:18:08 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/02/04 21:18:08 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/02/04 21:18:08 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/02/04 21:18:08 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/02/04 21:18:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/02/04 21:18:08 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/02/04 21:18:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/02/04 21:18:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/02/04 21:18:08 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/02/04 21:18:08 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/02/04 21:18:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/02/04 21:18:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/02/04 21:18:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/02/04 21:18:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/02/04 21:18:08 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/02/04 21:18:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/02/04 21:17:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/02/04 21:17:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/02/04 21:17:24 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/02/04 21:17:22 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/02/04 21:17:22 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/02/04 21:17:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/02/04 21:17:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/02/04 21:17:22 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/02/04 21:17:22 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/02/04 21:17:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/02/04 21:17:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/02/04 21:17:21 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/02/04 21:16:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/02/04 21:16:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/02/04 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\AnyDVDHD
[2010/02/04 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/02/04 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/02/04 20:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/04 15:46:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/04 10:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/04 10:16:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/04 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/31 19:15:58 | 000,000,000 | ---D | C] -- C:\temp
[2010/01/31 12:30:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/31 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/31 08:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick Heal
[2010/01/31 08:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Heal
[2010/01/30 09:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/01/30 09:23:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Registry Mechanic
[2010/01/30 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/01/30 09:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/28 16:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\pagifali
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\wuwagebe
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\buyopako
[2010/01/28 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Simply Super Software
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/01/28 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Nero
[2010/01/27 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\BioWare
[2010/01/27 08:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010/01/25 03:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/24 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My Art
[2010/01/24 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Samsung
[2010/01/24 14:34:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010/01/24 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/01/21 14:28:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 14:28:23 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 14:28:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 14:28:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 14:28:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 14:28:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 14:28:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 14:28:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 14:28:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 14:28:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 14:28:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 14:28:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 14:28:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 14:28:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/18 08:13:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intermedia Software
[2010/01/18 08:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Intermedia Software
[2010/01/18 08:13:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010/01/18 08:13:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intermedia Software
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Helium Music Manager 7
[2010/01/16 07:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/01/15 08:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010/01/15 07:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/01/13 00:53:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 00:53:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 09:48:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\WindowsDll
[2010/01/11 16:30:09 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/10 16:57:43 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Roaming\lowsec
[2010/01/10 11:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/10 11:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/10 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Super Internet TV

========== Files - Modified Within 30 Days ==========

[2010/02/09 09:17:23 | 002,883,584 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
[2010/02/09 08:42:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 08:42:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 08:24:19 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/09 01:00:12 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/08 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/02/08 16:47:52 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/08 16:47:52 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/08 16:47:52 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/08 16:41:20 | 000,000,952 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/02/08 16:41:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/08 16:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 16:40:45 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 16:37:27 | 000,004,369 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010/02/08 16:37:18 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/08 16:37:18 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/08 06:19:27 | 000,000,099 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010/02/07 15:54:44 | 001,730,004 | ---- | M] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 14:10:23 | 000,378,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/07 14:07:14 | 002,751,151 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/02/07 09:17:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | M] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 21:56:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/02/06 20:42:35 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 09:02:04 | 000,102,408 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/06 08:56:10 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/04 21:43:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 18:25:47 | 000,006,027 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2010/02/04 18:24:34 | 000,000,488 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2010/02/04 10:16:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 08:50:11 | 000,006,456 | -H-- | M] () -- C:\ProgramData\yebosiye
[2010/02/04 07:25:14 | 000,000,680 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2010/01/31 10:17:59 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/28 08:41:51 | 000,427,520 | ---- | M] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/25 10:10:32 | 000,090,112 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 16:39:52 | 005,639,201 | ---- | M] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/18 08:13:23 | 000,000,909 | ---- | M] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | M] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 07:49:34 | 000,000,925 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/15 06:54:21 | 000,014,892 | ---- | M] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/12 09:48:25 | 000,175,104 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\SQLite3.dll
[2010/01/10 09:24:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/10 09:24:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\yebosiye
[2010/02/07 15:54:41 | 001,730,004 | ---- | C] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | C] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 20:43:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/06 20:43:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/06 20:42:35 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/05 19:25:51 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/05 19:25:41 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/04 21:43:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 10:16:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 09:50:03 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 16:39:44 | 005,639,201 | ---- | C] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/24 14:38:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/24 14:34:27 | 000,000,766 | ---- | C] () -- C:\Windows\System32\Uninstall.ico
[2010/01/24 14:34:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/18 08:13:23 | 000,000,909 | ---- | C] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | C] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 06:57:31 | 000,427,520 | ---- | C] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/15 06:54:20 | 000,014,892 | ---- | C] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2010/01/12 09:48:25 | 000,175,104 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\SQLite3.dll
[2010/01/10 09:24:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/01/10 09:24:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/08 16:33:44 | 000,000,200 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2009/12/07 22:01:31 | 000,006,027 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/12/07 21:56:25 | 000,000,488 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/12/07 21:36:18 | 000,004,369 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/12/07 21:36:13 | 000,000,099 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/12/07 21:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/12/05 10:21:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/27 11:00:09 | 000,438,272 | R--- | C] () -- C:\Users\Mike\AppData\Roaming\sdra64.exe
[2009/11/27 11:00:09 | 000,438,272 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\sdra64.exe.vir
[2009/10/24 19:24:52 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv39738p1now.sys
[2009/10/16 18:43:39 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2009/10/16 18:43:39 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2009/10/16 17:51:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 16:40:23 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2009/10/04 13:45:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/03 16:36:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/03 16:36:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/03 16:16:56 | 000,000,164 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/10/03 16:16:35 | 000,258,048 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/10/03 16:16:35 | 000,002,125 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/10/03 16:16:35 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/10/03 16:16:34 | 000,002,423 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/10/03 15:32:22 | 000,090,112 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 10:38:19 | 000,000,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/06/17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/04 18:04:44 | 000,000,952 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/10/05 03:13:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/10/05 03:13:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/10/05 03:13:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/10/04 13:45:00 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\Mike\Documents\contacts.eml:OECustomProperty
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0295CBF7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 2/9/2010 9:18:45 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 256.87 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 698.46 Gb Total Space | 301.96 Gb Free Space | 43.23% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{289F8C8F-4394-46BD-96D7-2B56019EC3F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4615BCBF-09B1-45F9-BBDE-3207937581B6}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{47281AD5-5327-4E5C-9DEC-47116275F0F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E4DD66A-26BB-4CF7-918E-6902DF88688D}" = rport=138 | protocol=17 | dir=out | app=system |
"{50693B2D-D743-4C8E-B45C-43784C470D91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5270F284-E7CB-4979-B6C1-90C554DA8793}" = lport=137 | protocol=17 | dir=in | app=system |
"{62856CC1-5FD1-4C4B-AAB3-D4DAA4712ABD}" = lport=445 | protocol=6 | dir=in | app=system |
"{9BD4AA87-419E-4631-9CE2-702D943D6DC8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A81C8CD2-D9DF-4361-97BC-8EF0BF90289B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4FB196A-543E-421A-B54F-BA00D8E05993}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{C5FA56B0-927B-4579-A66E-04C2382CE319}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3E752D0-6773-42DE-9293-486D0668219F}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF41C1B3-96DD-4884-885E-1AB258007838}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADE7D9A-093D-44B6-B4E0-BB34455F8C40}" = protocol=6 | dir=in | app=c:\program files\ubisoft\james cameron's avatar - the game\bin\avatar.exe |
"{1456B9B2-577E-4C61-A990-07F4BE3017C8}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{14E145AD-3FD4-4CD7-925F-53BCF71DDA3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{17D13D73-85E4-433B-8D6A-48712B7AC892}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32E4D455-5EB4-463F-99FC-E986C42A42F9}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{369EF85F-5751-42B3-8562-D76D4AF28C6A}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{3C38F360-7751-4928-9EC6-691F146ABEB2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3F654E6B-5D0A-480E-B6DF-84D8052FA7DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41D0B7DE-DCA1-4F03-9AFA-4E9A1877A5BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44270D46-53E4-4EAC-AD15-F8CF567B89B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F3CD978-8A58-4E2F-9D35-E1F4433181FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{509B86E2-D75C-4ABA-BFBC-4DFCA67BFC9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{528813EC-D31F-4B2A-B74F-C6024115D2E6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{61E91254-1174-4B92-9F49-15055DDDA4EF}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{629136B0-02FC-4839-89E5-4DC7A5F40379}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7F089107-B50A-4F60-8AEF-5F5708AE14B6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{876F5AB0-78EE-4F65-A745-089FB280D2DB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\james cameron's avatar - the game\bin\avatar.exe |
"{8BE0D007-52A8-4715-B9C5-B9C7BC520C88}" = protocol=17 | dir=in | app=c:\program files\ubisoft\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{8CA96288-3787-4F7F-B94B-AF81197CBB4C}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{9916FB3D-5174-4669-AA68-8570777DE747}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B4610925-BE6C-4215-9A2F-B5751C0229F9}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{BCD44FF6-CEA4-4914-92A2-016802257416}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C00E5827-C2D2-44E2-AB05-8A2A6090A2BD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C2F55DCD-5A24-42D3-A5D6-3182C610AD5F}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{C9955421-6905-41A8-A506-7DD19F4E99C3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB877E81-6649-4A67-B0E2-57594C18C834}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{CD5218E6-448F-41AD-B757-7BCAE3B155B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DBA298BF-6ADF-4BEC-AE06-8BCBBC1A6330}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E2BB7507-9E73-41CD-B02B-58E23EDF9A60}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB302146-B706-49C5-83A6-4D79F58E607B}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{F18A5887-064B-4A65-A0CE-52791EF0DF9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{32DE7284-87FA-43F4-B7CC-AAE49BB70C83}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{443D45B3-AE22-4646-9018-247868162650}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{615DFC3D-9B72-4443-B0A3-FBE9CB32FC0C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E1C65ECD-68A7-4AF9-854D-BE8B85577F60}C:\program files\activision\ef2\ef2.exe" = protocol=6 | dir=in | app=c:\program files\activision\ef2\ef2.exe |
"TCP Query User{F57E7E88-2374-47DB-9C53-61B6213516C7}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{20C96A1B-FD70-4A0C-92C9-1CB98A83D861}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{5CBDF1D3-69F0-495A-B6AD-7D653A29D3D1}C:\program files\activision\ef2\ef2.exe" = protocol=17 | dir=in | app=c:\program files\activision\ef2\ef2.exe |
"UDP Query User{6304B2F3-ABF4-4A44-8154-3FB135C07BE5}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{69866ABA-0BFA-4A3C-BBB4-FFB56D571295}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DD702B3B-5A16-4C2C-BCA4-5D6C81F0762B}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18FE2022-2501-4F60-A0FA-F74476973E38}" = Symantec AntiVirus
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2223ADEF-1900-48F1-BE73-F2961822D15F}" = Samsung PC Studio 3
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{679068CA-C9E9-4C22-A90D-2C4F2881EF9C}" = Bluesoleil 6.2.227.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{729518C0-BF90-4653-B1A2-CD0193D14CE6}}_is1" = Helium Music Manager 7 (build 7856)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): THE GAME
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB06254A-9A28-F8AD-236E-FB5C3108FE85}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DEE77D4F-249F-46DF-8176-4BC4822D68AD}_is1" = All My Movies 5.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.6
"Chicken Invaders 3_is1" = Chicken Invaders 3
"CloneDVD2" = CloneDVD2
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DFX for Winamp" = DFX for Winamp
"DFX for Windows Media Player" = DFX for Windows Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"Forte Agent" = Forté Agent
"HijackThis" = HijackThis 2.0.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"PackPal Mp3 Ringtone Maker" = PackPal Mp3 Ringtone Maker
"QuickPar" = QuickPar 0.9
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Serious Sam HD The First Encounter_is1" = Serious Sam HD The First Encounter
"Star Trek D-A-C_is1" = Star Trek D-A-C
"Star Trek Elite Force II" = Star Trek Elite Force II
"Super Internet TV (Free Edition)_is1" = Super Internet TV v8.0 (Free Edition)
"Super Internet TV_is1" = Super Internet TV v7.4
"TuneUp Utilities" = TuneUp Utilities
"TurboTax 2009" = TurboTax 2009
"uTorrent" = µTorrent
"Vampire Hunter_is1" = Vampire Hunter
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2010 7:26:23 AM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!SpywareGuard2008 in File: Unavailable by: Scheduled
scan. Action: Reboot Required. Action Description: The file was quarantined successfully.



Error - 2/8/2010 8:45:29 AM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: C:\data1\LEFT 4 DEAD 2\RUN_L4D2.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 2/8/2010 8:45:29 AM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: C:\data1\LEFT 4 DEAD 2\RUN_L4D2.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/8/2010 8:45:31 AM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\data1\LEFT 4 DEAD 2\RUN_L4D2.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/8/2010 5:17:36 PM | Computer Name = Mike-PC | Source = Perflib | ID = 1010
Description =

Error - 2/8/2010 5:17:37 PM | Computer Name = Mike-PC | Source = Perflib | ID = 1008
Description =

Error - 2/8/2010 5:46:59 PM | Computer Name = Mike-PC | Source = sdCoreService | ID = 0
Description =

Error - 2/8/2010 5:50:59 PM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!SpywareGuard2008 in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed. Action Description: The file was left unchanged.



Error - 2/8/2010 5:51:01 PM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!SpywareGuard2008 in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 2/9/2010 4:19:28 AM | Computer Name = Mike-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: >>...>>movie-sample.avi - www.teenstoday.com
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

[ System Events ]
Error - 11/27/2009 12:39:36 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/27/2009 12:42:02 PM | Computer Name = Mike-PC | Source = Microsoft-Windows-Eventlog | ID = 30
Description =

Error - 11/29/2009 1:53:19 PM | Computer Name = Mike-PC | Source = HTTP | ID = 15016
Description =

Error - 11/29/2009 1:54:05 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/29/2009 1:54:05 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/29/2009 10:05:32 PM | Computer Name = Mike-PC | Source = PlugPlayManager | ID = 12
Description = The device 'High Definition Audio Device' (HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&3165bed2&0&0001)
disappeared from the system without first being prepared for removal.

Error - 12/1/2009 8:51:53 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/5/2009 10:21:16 AM | Computer Name = Mike-PC | Source = HTTP | ID = 15016
Description =

Error - 12/5/2009 10:21:59 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/5/2009 10:21:59 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

by shinybeast » February 9th, 2010, 4:10 pm

Hello tin1,

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read P2P (Person to Person) File Sharing Programmes where this forum's policy is explained.

If you would like to continue, you must go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
Warning: Any existing remnants of the program may be removed during cleaning.


Scan with CKScanner

Click here to download CKScanner and save it to your Desktop. <- Important
  • Right-click CKScanner.exe and click Run as Administrator in the context menu.
  • Click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop. Copy the contents and paste them in your next reply.

Then...

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.


Please include in your next reply:
CKScanner log (CKFiles.txt)
MGADiag log
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

by tin1 » February 9th, 2010, 4:48 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\popcap game collection\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\popcap game collection\bejeweled deluxe\sounds\firecrackle.ogg
scanner sequence 3.LB.11
----- EOF -----

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {5674B677-A379-496A-BE63-FE3EBD299DEB}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.090803-2339
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5674B677-A379-496A-BE63-FE3EBD299DEB}</UGUID><Version>1.9.0019.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-3019109715-1815328312-2852718085</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>9C323507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>AS09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65927</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-2762009
Installation ID: 003116110346853700650280733681333181730652936161047526
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PgAAAAIAAwABAAEAAgAEAAAAAwABAAEAJJSUwWGqKZaKVFKdkgAkO86tje/y9BrsxIicPNtKIF2sVqYOyPQ=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL AS09
FACP DELL AS09
HPET DELL AS09
MCFG DELL AS09
SLIC DELL AS09
SSDT DELL AS09
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

by shinybeast » February 9th, 2010, 10:11 pm

Hello tin1,

The Microsoft Office installation you have appears to be invalid

Please use Internet Explorer to visit this validation page and click the Validate Now button.
Allow the ActiveX control to install the OGA plug-in and wait for the report.


Once it completes, run MGADiag again as follows.

  • Please download this tool from Microsoft if you did not save it.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.


If you know it to be invalid and cannot validate it, you will have to uninstall Microsoft Office Enterprise 2007 before we can proceed.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

by tin1 » February 10th, 2010, 10:25 am

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {888C9985-1DB2-4B2D-A7ED-05EAD6355FE4}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.091208-0542
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{888C9985-1DB2-4B2D-A7ED-05EAD6355FE4}</UGUID><Version>1.9.0019.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-3019109715-1815328312-2852718085</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 531</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.7</Version><SMBIOSVersion major="2" minor="5"/><Date>20071109000000.000000+000</Date></BIOS><HWID>9C323507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>AS09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-2762009
Installation ID: 003116110346853700650280733681333181730652936161047526
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PgAAAAIAAwABAAEAAgAEAAAAAwABAAEAJJSUwWGqKZaKVFKdkgAkO86tje/y9BrsxIicPNtKIF2sVqYOyPQ=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL AS09
FACP DELL AS09
HPET DELL AS09
MCFG DELL AS09
SLIC DELL AS09
SSDT DELL AS09
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

by shinybeast » February 10th, 2010, 7:34 pm

Hi tin1,

Let's try to kill the malware.


Run a command

  • Click Start button. Navigate to All Programs > Accessories and find Command Prompt.
  • Right-click Command Prompt and select Run as administrator (click Continue if you get a User Account Control message)
  • Copy the text in the code box below.
    icacls C:\Users\Mike\AppData\Roaming\sdra64.exe /deny system:f
  • Right-click in the black command prompt window and select Paste.
  • Press Enter. You should get this output after the command:
    processed file: C:\Users\Mike\AppData\Roaming\sdra64.exe
    Successfully processed 1 files; Failed processing 0 files
  • Type Exit and press enter. If you do not get the output above, let me know and do not continue.

If the above runs correctly:

Reboot the computer <-IMPORTANT

After reboot...

Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform full scan
  • Click Scan to start the scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Check all items EXCEPT items in the C:\System Volume Information folder... then click on Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


OTL Scan

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Click Run Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.


Please include in your next reply:
Malwarebytes' log
OTL log (otl.txt)
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
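
One way to confirm, before the reboot, that the icacls step in the post above actually left a deny entry for SYSTEM on the file. This is an added example, not part of the original post or of any tool named in the thread; it assumes Windows PowerShell 3.0 or later in an elevated session, and the function name Test-SystemDenyAce is hypothetical.

```powershell
# Added example: check that Local System is denied Full control on a file.
# Test-SystemDenyAce is a hypothetical helper name, not a built-in cmdlet.
function Test-SystemDenyAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # If the file is not there, there is nothing to check; report that
    # separately so it is not mistaken for a missing deny entry.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path         = $Path
            Exists       = $false
            SystemDenied = $false
            Rules        = @()
        }
    }

    $acl = Get-Acl -LiteralPath $Path

    # Request the rules with SIDs rather than account names, so the match
    # does not depend on the display language of the system.
    # S-1-5-18 is the well-known SID of the Local System account.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = $acl.GetAccessRules($true, $true, $sidType)

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $deny = [System.Security.AccessControl.AccessControlType]::Deny

    # Keep only deny entries for SYSTEM whose mask covers Full control.
    $matching = @($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-18' -and
        $_.AccessControlType -eq $deny -and
        ($_.FileSystemRights -band $full) -eq $full
    })

    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        SystemDenied = ($matching.Count -gt 0)
        Rules        = $matching
    }
}

# Path taken from the command in the post above.
$result = Test-SystemDenyAce -Path 'C:\Users\Mike\AppData\Roaming\sdra64.exe'

if (-not $result.Exists) {
    Write-Output "File not found: $($result.Path)"
} elseif ($result.SystemDenied) {
    Write-Output "SYSTEM is denied Full control on $($result.Path)"
    # Show whether the entry is explicit or inherited from the parent folder.
    $result.Rules | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "No deny entry for SYSTEM on $($result.Path); do not continue."
}
```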

Re: Been highjacked

Unread postby tin1 » February 10th, 2010, 11:28 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/10/2010 10:09:00 PM
mbam-log-2010-02-10 (22-09-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271387
Time elapsed: 56 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 2/10/2010 10:19:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 249.27 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100207.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100207.006\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ssecmdm) -- C:\Windows\System32\drivers\ssecmdm.sys (MCCI Corporation)
DRV - (ssecmdfl) -- C:\Windows\System32\drivers\ssecmdfl.sys (MCCI Corporation)
DRV - (ssecbus) Samsung Mobile Modem Device driver (WDM) -- C:\Windows\System32\drivers\ssecbus.sys (MCCI Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 D0 19 25 58 A6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 08:54:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 09:19:50 | 000,000,000 | ---D | M]

[2009/10/03 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/02/10 18:37:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(403)
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\esnipesnipeit@esnipe(400).com
[2009/10/18 10:47:29 | 000,002,217 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\searchplugins\askcom.xml
[2010/02/08 10:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/07 21:32:27 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/02/10 09:29:52 | 000,000,925 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [userinit] C:\Users\Mike\AppData\Roaming\sdra64.exe ()
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d3213677-b05f-11de-bc19-001aa06d2a7b}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/10 09:16:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/09 17:50:25 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 17:50:25 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 17:49:46 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 17:49:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 17:49:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 17:49:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 15:46:20 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/02/09 15:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/08 10:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Visual Studio 2005
[2010/02/07 14:02:13 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/02/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\extras
[2010/02/07 09:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/07 09:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/06 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\NPS
[2010/02/06 20:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/02/06 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\PC Suite
[2010/02/06 20:45:11 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2010/02/06 20:44:43 | 000,114,304 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdm.sys
[2010/02/06 20:44:43 | 000,086,528 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecbus.sys
[2010/02/06 20:44:43 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdfl.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwhnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwh.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccmnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccm.sys
[2010/02/06 20:43:55 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/02/06 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My NPS Files
[2010/02/06 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/02/06 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\TurboTax
[2010/02/06 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intuit
[2010/02/06 08:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/02/06 08:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/02/06 08:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\IsolatedStorage
[2010/02/06 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/02/06 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/02/04 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/04 21:18:41 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/02/04 21:18:40 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/02/04 21:18:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/02/04 21:18:10 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/02/04 21:18:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/02/04 21:18:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/02/04 21:18:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/02/04 21:18:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/02/04 21:18:08 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/02/04 21:18:08 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/02/04 21:18:08 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/02/04 21:18:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/02/04 21:18:08 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/02/04 21:18:08 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/02/04 21:18:08 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/02/04 21:18:08 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/02/04 21:18:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/02/04 21:18:08 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/02/04 21:18:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/02/04 21:18:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/02/04 21:18:08 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/02/04 21:18:08 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/02/04 21:18:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/02/04 21:18:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/02/04 21:18:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/02/04 21:18:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/02/04 21:18:08 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/02/04 21:18:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/02/04 21:17:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/02/04 21:17:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/02/04 21:17:24 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/02/04 21:17:22 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/02/04 21:17:22 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/02/04 21:17:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/02/04 21:17:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/02/04 21:17:22 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/02/04 21:17:22 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/02/04 21:17:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/02/04 21:17:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/02/04 21:17:21 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/02/04 21:16:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/02/04 21:16:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/02/04 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\AnyDVDHD
[2010/02/04 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/02/04 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/02/04 20:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/04 15:46:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/04 10:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/04 10:16:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/04 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/31 19:15:58 | 000,000,000 | ---D | C] -- C:\temp
[2010/01/31 12:30:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/31 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/31 08:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick Heal
[2010/01/31 08:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Heal
[2010/01/30 09:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/01/30 09:23:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Registry Mechanic
[2010/01/30 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/01/30 09:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/28 16:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\pagifali
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\wuwagebe
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\buyopako
[2010/01/28 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Simply Super Software
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/01/28 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Nero
[2010/01/27 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\BioWare
[2010/01/27 08:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010/01/25 03:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/24 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My Art
[2010/01/24 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Samsung
[2010/01/24 14:34:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010/01/24 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/01/21 14:28:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 14:28:23 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 14:28:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 14:28:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 14:28:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 14:28:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 14:28:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 14:28:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 14:28:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 14:28:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 14:28:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 14:28:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 14:28:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 14:28:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/18 08:13:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intermedia Software
[2010/01/18 08:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Intermedia Software
[2010/01/18 08:13:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010/01/18 08:13:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intermedia Software
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Helium Music Manager 7
[2010/01/16 07:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/01/15 08:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010/01/15 07:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/01/13 00:53:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 00:53:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 09:48:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\WindowsDll

========== Files - Modified Within 30 Days ==========

[2010/02/10 22:11:38 | 002,883,584 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
[2010/02/10 21:08:44 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/10 21:08:44 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/10 21:08:44 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/10 21:03:57 | 000,000,952 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/02/10 21:03:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 21:03:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 21:03:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/10 21:03:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/10 21:03:25 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/10 21:01:59 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 21:01:59 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/10 21:01:57 | 003,214,088 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/02/10 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/02/10 11:52:06 | 000,374,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/10 11:49:52 | 000,004,369 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010/02/10 10:19:22 | 000,000,099 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010/02/10 10:19:10 | 000,100,392 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 09:29:52 | 000,000,925 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/10 09:16:34 | 000,000,276 | ---- | M] () -- C:\Windows\win.ini
[2010/02/10 08:30:32 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/10 01:00:09 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/09 20:09:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 19:26:45 | 000,092,160 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 17:27:16 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:27:16 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/07 15:54:44 | 001,730,004 | ---- | M] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | M] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 21:56:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/02/06 20:42:35 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/04 21:43:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 18:25:47 | 000,006,027 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2010/02/04 18:24:34 | 000,000,488 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2010/02/04 10:16:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 08:50:11 | 000,006,456 | -H-- | M] () -- C:\ProgramData\yebosiye
[2010/02/04 07:25:14 | 000,000,680 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2010/01/28 08:41:51 | 000,427,520 | ---- | M] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/24 16:39:52 | 005,639,201 | ---- | M] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/18 08:13:23 | 000,000,909 | ---- | M] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | M] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 06:54:21 | 000,014,892 | ---- | M] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/12 09:48:25 | 000,175,104 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\SQLite3.dll

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\yebosiye
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:37:41 | 000,065,536 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/07 15:54:41 | 001,730,004 | ---- | C] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | C] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 20:43:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/06 20:43:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/06 20:42:35 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/05 19:25:51 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/05 19:25:41 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/04 21:43:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 10:16:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 09:50:03 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 16:39:44 | 005,639,201 | ---- | C] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/24 14:38:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/24 14:34:27 | 000,000,766 | ---- | C] () -- C:\Windows\System32\Uninstall.ico
[2010/01/24 14:34:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/18 08:13:23 | 000,000,909 | ---- | C] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | C] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 06:57:31 | 000,427,520 | ---- | C] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/15 06:54:20 | 000,014,892 | ---- | C] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2010/01/12 09:48:25 | 000,175,104 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\SQLite3.dll
[2009/12/08 16:33:44 | 000,000,200 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2009/12/07 22:01:31 | 000,006,027 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/12/07 21:56:25 | 000,000,488 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/12/07 21:36:18 | 000,004,369 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/12/07 21:36:13 | 000,000,099 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/12/07 21:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/12/05 10:21:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/27 11:00:09 | 000,438,272 | R--- | C] () -- C:\Users\Mike\AppData\Roaming\sdra64.exe
[2009/11/27 11:00:09 | 000,438,272 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\sdra64.exe.vir
[2009/10/24 19:24:52 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv39738p1now.sys
[2009/10/16 18:43:39 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2009/10/16 18:43:39 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2009/10/16 17:51:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 16:40:23 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2009/10/04 13:45:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/03 16:36:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/03 16:36:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/03 16:16:56 | 000,000,164 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/10/03 16:16:35 | 000,258,048 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/10/03 16:16:35 | 000,002,125 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/10/03 16:16:35 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/10/03 16:16:34 | 000,002,423 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/10/03 15:32:22 | 000,092,160 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 10:38:19 | 000,000,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/06/17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/04 18:04:44 | 000,000,952 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\Mike\Documents\contacts.eml:OECustomProperty
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0295CBF7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Post by shinybeast » February 10th, 2010, 11:55 pm

Hi tin1,

That didn't do it. We are going to have to try something else. Before we do, a quick question:

Do you have a Vista DVD in your possession?
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Post by tin1 » February 11th, 2010, 9:11 am

Hi, I do have the Dell disk that came with the PC. Are we ready for a reformat? :pale:
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm