Anti Vira AV victim

Web soldiers of fortune, I'm in need of your help. I was going to my favorite mixtape site and picked up whitesmoke for my troubles about a couple weeks ago. I used the safe mode, malware bytes combination and was rid of it. Thinking maybe the mixtape site was cleared I ventured again and came away with Anti Vira AV. I repeated my previous efforts and thought I was done with it; but I was a fool to think that. So after hours of trying to rid myself of this nasty, & relentless malware; I found myself here. So I followed instructions and will now post my OTL log. I'm looking forward to getting my cpu out of this hostage situation.

OTL logfile created on: 2/17/2011 10:01:57 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 165.08 Gb Free Space | 35.44% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 456.90 Gb Free Space | 98.10% Space Free | Partition Type: NTFS

Computer Name: LAMAR-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/17 09:11:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010/01/18 14:14:36 | 001,593,808 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\Upgrade.exe


========== Modules (SafeList) ==========

MOD - [2011/02/17 09:11:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/23 13:45:10 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 22:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/20 22:01:26 | 000,829,952 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/23 13:45:28 | 000,221,184 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2010/12/23 13:45:20 | 000,185,856 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/17 11:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/17 11:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/02/13 17:39:42 | 004,161,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2007/02/26 17:15:20 | 000,092,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/07 10:31:30 | 000,017,168 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2006/11/01 02:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/10/02 21:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/05 14:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/08/22 13:37:14 | 000,014,336 | ---- | M] (The Nielsen Company) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2008/04/16 00:09:12 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/24 08:11:58 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49362

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2010/10/25 23:09:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2010/12/02 00:22:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/21 03:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/21 03:03:20 | 000,000,000 | ---D | M]

[2010/01/01 21:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/01/01 21:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/08/19 18:21:38 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/08/19 18:21:38 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/08/19 18:21:38 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [1A:Stardock TrayMonitor] File not found
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKCU..\Run: [nvmwocbi] C:\Users\Administrator\AppData\Local\Temp\gfhbexbfc\vmyqhqxsikk.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunServices: [1A:Stardock TrayMonitor] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 3.74\AMVConverter\grab.html ()
O8:64bit: - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.04\AMVConverter\grab.html ()
O8:64bit: - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.04\MediaManager\grab.html ()
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 3.74\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.04\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.04\MediaManager\grab.html ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} http://client2.tvtonic.com/install/3.2/install.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} http://download.copysafe.net/plugins5/installers/Copysafe.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6023ebee-b937-11de-9f84-001bfc1d18bb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe
O33 - MountPoints2\{fe3de7c4-64c9-11dd-9d2e-001bfc1d18bb}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Users\Administrator\Desktop\Definitions) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin:64bit: sdAuxService - Reg Error: Value error.
SafeBootMin:64bit: sdCoreService - Reg Error: Value error.
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: sdAuxService - Reg Error: Value error.
SafeBootMin: sdCoreService - Reg Error: Value error.

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: sdAuxService - Reg Error: Value error.
SafeBootNet:64bit: sdCoreService - Reg Error: Value error.
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: sdAuxService - Reg Error: Value error.
SafeBootNet: sdCoreService - Reg Error: Value error.

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{50c527e8-46ca-48cc-9d3d-042c514ea4c1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{549c7f86-a987-4fad-9cf0-b42300eb5340} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 09:11:31 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/02/17 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\JavaRa[1]
[2011/02/17 08:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/02/17 08:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/17 07:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2011/02/17 07:52:21 | 000,000,000 | ---D | C] -- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2011/02/17 07:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/02/17 06:26:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/17 06:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/02/17 06:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/17 06:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/16 23:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/16 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/16 22:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/16 20:14:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\tdsskiller[1]
[2011/02/14 21:54:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/02/13 08:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Client
[2011/02/13 08:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/09 17:46:35 | 004,699,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 17:46:35 | 001,585,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 17:46:27 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 17:46:27 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 17:46:26 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 17:46:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/01/23 22:25:22 | 000,336,896 | ---- | C] (Hercules®) -- C:\Windows\SysNative\HDJSeries.cpl
[2011/01/23 22:25:14 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2011/01/23 22:25:14 | 000,253,952 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJAsioK.sys
[2011/01/23 22:25:14 | 000,221,184 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJMidi.sys
[2011/01/23 22:25:14 | 000,185,856 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJBulk.sys
[2011/01/23 22:25:14 | 000,028,160 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\SysNative\drivers\HDJCtrl.sys
[2011/01/20 21:08:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/20 21:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/20 21:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/20 20:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (2)
[2011/01/20 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder
[2011/01/20 20:50:54 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Administrator\Documents\*.tmp files -> C:\Users\Administrator\Documents\*.tmp -> ]
_________End of pt.1___________

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.


Please download the OTM.exe by OldTimer.

Save it to your Desktop.
Please double-click OTM.exe to run it.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):




Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.
Click the red Moveit! button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




=================================

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper









Last edited by Pancake on 17th February 2011, 10:18 pm; edited 1 time in total

Copy and posted from a seperate thread.



Here is the rest of the otl log. This anti vira av is slick and nasty.



========== Files - Modified Within 30 Days ==========

[2011/02/17 09:11:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/02/17 07:43:14 | 000,119,808 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/17 06:26:50 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/17 06:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/17 06:20:02 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{516C8738-2292-4B46-9992-96A67B7858FE}.job
[2011/02/17 06:18:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83BD2409-64A3-4E5E-A132-420ABD4505E7}.job
[2011/02/17 06:16:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{245307AC-31B3-4580-B797-5EBF4FA99675}.job
[2011/02/17 06:05:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/17 06:05:18 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 06:05:18 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 06:05:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/17 01:16:27 | 350,605,271 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/17 01:05:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/17 00:33:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/02/17 00:21:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060978209-2902479752-3004359420-500UA.job
[2011/02/17 00:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/02/17 00:07:45 | 001,151,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/17 00:07:45 | 000,291,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/17 00:07:45 | 000,005,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/17 00:05:19 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{94F7D7C6-B463-45B8-9652-911C53B39DE8}.job
[2011/02/16 20:40:26 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/02/16 19:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/02/16 18:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/02/16 17:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/02/16 16:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/02/16 15:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/02/16 14:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/02/16 13:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/02/16 12:46:54 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/02/16 11:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/02/16 10:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/02/16 09:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/02/16 08:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/02/16 07:21:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060978209-2902479752-3004359420-500Core.job
[2011/02/16 07:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/02/16 06:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/02/16 05:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/02/16 04:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/02/16 03:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/02/16 03:17:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/16 02:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/02/16 01:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/02/15 23:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/02/15 22:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/02/15 21:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/02/15 20:21:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/02/14 22:40:47 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/02/10 03:08:55 | 000,276,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/08 21:55:19 | 000,010,367 | ---- | M] () -- C:\Users\Administrator\Documents\Undertaker.docx
[2011/02/08 21:13:48 | 000,870,128 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mcs.rma
[2011/02/08 21:13:48 | 000,000,004 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\17038D
[2011/02/05 05:21:27 | 000,000,513 | ---- | M] () -- C:\Users\Administrator\Desktop\velvet - Shortcut.lnk
[2011/02/02 22:07:00 | 001,246,371 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/02/01 21:55:57 | 000,000,672 | ---- | M] () -- C:\Users\Administrator\Desktop\Documents on john's XV6175.LNK
[2011/01/29 12:29:00 | 000,010,663 | ---- | M] () -- C:\Users\Administrator\Documents\This is for the yard where grave souls rest where rooks of the game become ghetto vets repping the set heavy ready for whatever where a hail of bullets is forecasted in the weather.docx
[2011/01/25 23:32:58 | 000,018,397 | ---- | M] () -- C:\Users\Administrator\Documents\Close your eys.docx
[2011/01/23 22:05:27 | 000,000,878 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ (DJConsole).lnk
[2011/01/21 05:32:11 | 000,010,977 | ---- | M] () -- C:\Users\Administrator\Documents\Dreamworks.docx
[2011/01/21 05:29:34 | 000,010,793 | ---- | M] () -- C:\Users\Administrator\Documents\Aston Martin Freestyle.docx
[2011/01/21 03:58:37 | 000,012,581 | ---- | M] () -- C:\Users\Administrator\Documents\Let me see ya hands clap one.docx
[2011/01/20 21:08:01 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 20:51:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2011/01/20 20:50:24 | 000,719,873 | ---- | M] () -- C:\Users\Administrator\Desktop\iExplore.exe
[2011/01/20 20:10:48 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2011/01/20 11:59:23 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/01/19 22:34:11 | 000,000,883 | ---- | M] () -- C:\Users\Administrator\Desktop\Virtual DJ Home.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Administrator\Documents\*.tmp files -> C:\Users\Administrator\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/17 08:11:12 | 000,433,872 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI2F71.txt
[2011/02/17 08:11:12 | 000,016,622 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI2F75.txt
[2011/02/17 08:11:11 | 000,017,450 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI2F71.txt
[2011/02/17 06:26:50 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/08 21:55:18 | 000,010,367 | ---- | C] () -- C:\Users\Administrator\Documents\Undertaker.docx
[2011/02/05 05:21:27 | 000,000,513 | ---- | C] () -- C:\Users\Administrator\Desktop\velvet - Shortcut.lnk
[2011/02/02 22:06:58 | 001,246,371 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/02/01 21:55:57 | 000,000,672 | ---- | C] () -- C:\Users\Administrator\Desktop\Documents on john's XV6175.LNK
[2011/01/29 11:00:46 | 000,010,663 | ---- | C] () -- C:\Users\Administrator\Documents\This is for the yard where grave souls rest where rooks of the game become ghetto vets repping the set heavy ready for whatever where a hail of bullets is forecasted in the weather.docx
[2011/01/21 05:18:29 | 000,010,793 | ---- | C] () -- C:\Users\Administrator\Documents\Aston Martin Freestyle.docx
[2011/01/20 21:08:01 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 20:49:24 | 000,719,873 | ---- | C] () -- C:\Users\Administrator\Desktop\iExplore.exe
[2011/01/19 22:34:11 | 000,000,883 | ---- | C] () -- C:\Users\Administrator\Desktop\Virtual DJ Home.lnk
[2010/12/23 20:19:57 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/23 20:19:48 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/23 20:19:47 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/12/23 20:19:47 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/23 20:19:44 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/08 23:23:37 | 000,005,136 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\82DE.DA1
[2010/12/05 12:10:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/12/05 12:10:19 | 000,013,632 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/12/05 12:10:13 | 000,012,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/05 12:10:13 | 000,010,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/12/05 12:08:38 | 000,015,911 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/02 06:27:26 | 000,000,112 | ---- | C] () -- C:\ProgramData\ty81J0oy5.dat
[2010/11/26 15:11:58 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/10/29 19:57:04 | 019,657,194 | ---- | C] () -- C:\ProgramData\vlc-1.1.4-win32.exe
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/19 20:03:28 | 000,000,150 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/07/25 05:08:05 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/07/12 23:03:19 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010/05/12 12:28:19 | 000,006,053 | ---- | C] () -- C:\ProgramData\AntLog.txt
[2010/04/24 00:17:12 | 000,013,290 | -HS- | C] () -- C:\ProgramData\ewLMs
[2010/03/03 18:27:46 | 000,000,823 | ---- | C] () -- C:\Windows\RegGenie.ini
[2009/09/23 21:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 21:11:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/29 22:21:31 | 002,484,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_NET_Framework35_x64_MSI36BC.txt
[2009/06/29 21:48:19 | 000,200,326 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/06/29 21:48:11 | 000,201,080 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35install.txt
[2009/06/29 21:48:11 | 000,002,690 | ---- | C] () -- C:\Users\Administrator\AppData\Local\uxeventlog.txt
[2009/06/29 21:48:11 | 000,000,002 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_dotnetfx35error.txt
[2009/05/23 20:57:44 | 016,742,799 | ---- | C] () -- C:\ProgramData\vlc-0.9.9-win32.exe
[2009/03/11 07:21:01 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\RYxFgiPo.ini2
[2009/03/11 07:21:00 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\tuEMmUtv.ini2
[2009/03/11 07:21:00 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\rXFhRXbc.ini2
[2009/03/11 07:21:00 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\qWvwDfhk.ini2
[2009/03/11 07:21:00 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\CIQponpo.ini2
[2009/03/11 07:20:59 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\DgPqAcdd.ini2
[2009/03/11 07:20:57 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\tsttDfhk.ini2
[2009/03/11 07:20:57 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\rXFhRXbc.ini
[2009/03/11 07:20:57 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\DgPqAcdd.ini
[2009/03/11 07:20:57 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\CIQponpo.ini
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\tuEMmUtv.ini
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\tsttDfhk.ini
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\RYxFgiPo.ini
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\qWvwDfhk.ini
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\LVxacMoq.ini2
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\beOnoYay.ini2
[2009/03/11 07:20:56 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\beOnoYay.ini
[2009/03/11 07:20:55 | 000,000,369 | -HS- | C] () -- C:\Windows\SysWow64\LVxacMoq.ini
[2008/11/29 01:20:16 | 000,799,126 | -HS- | C] () -- C:\Windows\SysWow64\adcbcccf.ini2
[2008/11/29 01:20:16 | 000,003,119 | -HS- | C] () -- C:\Windows\SysWow64\adcbcccf.ini
[2008/11/29 01:20:15 | 000,000,345 | -HS- | C] () -- C:\Windows\SysWow64\VGOUBJjl.ini2
[2008/11/29 01:20:15 | 000,000,345 | -HS- | C] () -- C:\Windows\SysWow64\VGOUBJjl.ini
[2008/11/29 01:20:15 | 000,000,345 | -HS- | C] () -- C:\Windows\SysWow64\OXENmUtv.ini2
[2008/11/29 01:20:15 | 000,000,345 | -HS- | C] () -- C:\Windows\SysWow64\OXENmUtv.ini
[2008/11/29 00:58:36 | 000,000,004 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\17038D
[2008/11/29 00:58:35 | 000,870,128 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\mcs.rma
[2008/10/30 23:16:37 | 000,000,612 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Notes.stt
[2008/03/01 03:19:03 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/22 06:55:09 | 000,119,808 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/13 17:25:35 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/02/13 14:49:45 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/10/10 22:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/03 13:41:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/08/20 22:34:22 | 007,548,201 | ---- | M] () -- C:\Windows\Heroes_T.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/03 02:06:08 | 000,000,189 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\12.url
[2009/09/20 17:57:04 | 000,000,286 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/07/24 21:20:55 | 005,479,695 | ---- | M] (ffdshow ) -- C:\Users\Administrator\Desktop\ffdshow_rev3476_20100615_clsid.exe
[2011/01/20 20:50:24 | 000,719,873 | ---- | M] () -- C:\Users\Administrator\Desktop\iExplore.exe
[2011/01/20 20:51:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2011/02/17 09:11:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/07/16 13:15:45 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\FixVundo.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/12/05 12:41:19 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/12/05 12:40:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/12/05 12:40:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/12/05 12:40:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/12/05 12:40:49 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/12/05 12:40:49 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/02/13 14:50:07 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/11 07:48:08 | 000,006,053 | ---- | M] () -- C:\ProgramData\AntLog.txt
[2010/04/24 13:31:53 | 000,013,290 | -HS- | M] () -- C:\ProgramData\ewLMs
[2009/05/23 20:58:22 | 016,742,799 | ---- | M] () -- C:\ProgramData\vlc-0.9.9-win32.exe
[2010/10/29 19:57:43 | 019,657,194 | ---- | M] () -- C:\ProgramData\vlc-1.1.4-win32.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\Windows\SysWOW64\sabprocenum.sys
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/13 14:38:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008/08/25 07:59:59 | 000,000,057 | ---- | M] () -- C:\Config_BackUp.ini
[2011/02/17 09:13:00 | 000,045,826 | ---- | M] () -- C:\JavaRa.log
[2005/09/23 03:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2009/04/23 10:04:43 | 000,000,451 | ---- | M] () -- C:\nsinst.log
[2009/07/16 14:44:58 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/07/16 14:44:58 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2009/07/11 16:49:40 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2009/07/11 16:49:41 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{d14097ac-6e4a-11de-9f9a-001bfc1d18bb}.TM.blf
[2009/07/11 16:49:41 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d14097ac-6e4a-11de-9f9a-001bfc1d18bb}.TMContainer00000000000000000001.regtrans-ms
[2009/07/11 16:49:41 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d14097ac-6e4a-11de-9f9a-001bfc1d18bb}.TMContainer00000000000000000002.regtrans-ms
[2009/07/16 14:44:58 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{d14097b0-6e4a-11de-9f9a-001bfc1d18bb}.TM.blf
[2009/07/16 14:44:58 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d14097b0-6e4a-11de-9f9a-001bfc1d18bb}.TMContainer00000000000000000001.regtrans-ms
[2009/07/11 16:49:42 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d14097b0-6e4a-11de-9f9a-001bfc1d18bb}.TMContainer00000000000000000002.regtrans-ms
[2011/02/17 06:21:12 | 312,029,183 | -HS- | M] () -- C:\pagefile.sys
[2011/02/16 23:49:21 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2011/02/14 21:54:50 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_14.02.2011_21.54.36_log.txt
[2011/02/14 21:55:58 | 000,059,446 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_14.02.2011_21.55.14_log.txt
[2011/02/14 23:12:15 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_14.02.2011_23.12.00_log.txt
[2011/02/14 23:14:47 | 000,058,818 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_14.02.2011_23.13.58_log.txt
[2011/02/14 23:50:13 | 000,058,818 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_14.02.2011_23.49.27_log.txt
[2011/02/16 20:13:56 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_16.02.2011_20.13.52_log.txt
[2011/02/16 20:14:23 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_16.02.2011_20.14.21_log.txt
[2011/02/16 20:15:31 | 000,058,840 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_16.02.2011_20.15.03_log.txt
[2011/02/16 20:42:54 | 000,000,178 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_16.02.2011_20.42.54_log.txt
[2011/02/16 20:43:16 | 000,000,178 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_16.02.2011_20.43.16_log.txt
[2011/02/17 06:03:50 | 000,058,840 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_17.02.2011_06.03.12_log.txt
[2011/02/17 08:06:30 | 000,059,364 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_17.02.2011_08.05.56_log.txt
[2010/09/08 09:18:12 | 000,001,752 | ---- | M] () -- C:\{225AA4DB-FEC4-4DC9-9493-E6EF9AE3FDFD}
[2010/09/08 09:46:51 | 000,002,272 | ---- | M] () -- C:\{30A9963D-B29D-4300-A20F-DC54173C74C3}
[2010/08/05 14:27:07 | 000,002,784 | ---- | M] () -- C:\{A4A5F797-89D0-4CE8-A2E9-6E4E53D46E98}

< %PROGRAMFILES%\*. >
[2009/06/21 01:38:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\5000 Year Leap
[2010/12/02 00:22:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/12/20 00:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alarm
[2008/05/05 14:46:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ANPARK
[2010/11/11 07:48:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ant.com
[2010/08/25 21:17:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2009/06/10 15:39:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ascentive
[2009/06/10 15:46:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Astro Gemini Software
[2010/12/05 12:10:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2008/02/13 17:43:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/08/29 08:25:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BearShare Applications
[2010/12/21 03:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/25 23:04:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/02/17 08:11:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/08/14 09:06:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CramMaster
[2008/02/22 15:15:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/04/09 18:05:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2009/08/19 18:21:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eMusic Download Manager
[2011/02/17 07:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Enigma Software Group
[2010/09/16 07:13:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
[2010/11/26 15:12:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Audio Pack
[2010/08/20 22:16:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free B-boy 3D Screensaver
[2010/12/23 20:21:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter
[2010/10/30 15:16:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free WMA to MP3 Converter
[2008/02/13 17:24:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Futuremark
[2008/02/28 01:20:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameTap
[2010/09/19 06:52:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/04/10 18:54:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hasbro
[2010/11/29 18:35:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hercules
[2009/09/17 16:45:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallJammer Registry
[2011/01/31 18:34:46 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/11/24 03:00:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/09/19 12:14:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iPhone Configuration Utility
[2010/12/02 21:58:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/02/17 09:01:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/12/23 20:19:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2009/07/03 07:24:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2011/01/20 21:08:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/01 23:50:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/10/12 06:26:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/11 17:13:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Easy Assist
[2008/03/19 15:17:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2010/11/17 03:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2008/02/23 15:57:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/02/16 03:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/11/17 03:05:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/26 02:02:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/06/21 01:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mobipocket.com
[2008/06/03 03:39:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MP3 Player Utilities 3.74
[2008/06/03 03:43:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MP3 Player Utilities 4.04
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2008/03/09 19:58:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/11/01 23:50:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2008/02/21 13:17:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/04 16:29:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton AntiVirus
[2009/07/16 13:10:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Norton Support
[2009/06/10 15:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/09/16 23:00:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NOS
[2010/11/10 00:22:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Object
[2008/03/04 16:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PocketRAR
[2010/12/09 04:12:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2008/04/16 00:06:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2010/12/05 12:38:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/11/10 00:52:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RegGenie
[2008/04/29 15:13:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rhapsody
[2009/09/19 12:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2010/11/13 21:49:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SAMSUNG
[2008/04/15 23:28:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SanDisk
[2009/09/17 16:48:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Screen Saver Manager
[2008/08/25 07:59:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SinoWealth
[2011/02/17 08:21:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spyware Doctor
[2010/03/03 19:02:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpyZooka
[2010/12/05 12:48:21 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2010/01/01 21:19:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TomTom DesktopSuite
[2010/01/01 21:20:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TomTom HOME 2
[2010/01/01 21:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TomTom International B.V
[2006/11/02 10:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2008/02/13 17:34:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\USB TV
[2008/11/29 01:03:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\V CAST Music with Rhapsody
[2009/06/10 23:43:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vghd
[2009/03/11 07:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/01/29 09:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2011/01/23 22:05:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VirtualDJ
[2009/09/20 11:48:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/03/03 14:01:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 22:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 22:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2008/02/26 19:49:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/02/10 03:05:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/13 02:30:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/03/03 14:01:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2010/03/04 03:00:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/03/03 14:01:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2008/11/28 23:59:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/02/13 08:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Client

< %appdata%\*.* >
[2011/02/08 21:13:48 | 000,000,004 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\17038D
[2010/12/12 05:15:46 | 000,005,136 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\82DE.DA1
[2011/02/08 21:13:48 | 000,870,128 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mcs.rma


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/20 21:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/11 02:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\SysNative\drivers\disk.sys
[2009/04/11 02:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_a4a4ea3a50308c79\USBSTOR.SYS
[2009/04/11 00:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/04/11 00:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_a69063464d5257c5\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >