
Adult Friend Finder opens in Internet Explorer tab

Discussion in 'Virus & Other Malware Removal' started by jasonrulz_44, Sep 27, 2010.

  1. jasonrulz_44

    jasonrulz_44 Thread Starter

    This is my first post. Since about 2 days ago, every now and then while I'm using Internet Explorer a new tab opens with Adult Friend Finder; however, the link is http://95.143.193.60/AFF/ . How do I stop this from showing? I'm running Windows 7 64-bit.

    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:04:24 AM, on 9/28/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe
    C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe
    C:\Program Files (x86)\BitTorrent\bittorrent.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe
    C:\Program Files (x86)\Billionton System Inc\Billionton USB Wireless LAN\ZDConfig.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Freecorder\FLVSrvc.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe
    O4 - HKCU\..\Run: [TPG] C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [FireflyMini] "C:\Program Files (x86)\SnapStream Media\Firefly Mini\FireflyMini.exe"
    O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: ZDConfig.lnk = C:\Program Files (x86)\Billionton System Inc\Billionton USB Wireless LAN\ZDConfig.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} (LgbContent Control) - http://pickles.liveblockauctions.com/install/new/lgbkc.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08E849C9-5C85-4BC3-8C29-AB930CAED92C}: NameServer = 203.12.160.35,203.12.160.36
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08E849C9-5C85-4BC3-8C29-AB930CAED92C}: NameServer = 203.12.160.35,203.12.160.36
    O17 - HKLM\System\CS2\Services\Tcpip\..\{08E849C9-5C85-4BC3-8C29-AB930CAED92C}: NameServer = 203.12.160.35,203.12.160.36
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 14334 bytes

    Thanks in advance,
    -Jason
     
  2. Blade81

    Blade81 Malware Specialist

    Hi,

    Sorry for the delayed response. The forums have been really busy. If you still need help with this, please do the following.

    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Copy and paste the following contents into the custom scan area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
     
  3. jasonrulz_44

    jasonrulz_44 Thread Starter

    Thank you for your help,


    OTL logfile created on: 10/12/2010 4:49:29 PM - Run 1
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Jason\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.63 Gb Total Space | 90.63 Gb Free Space | 12.97% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 34.03 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 17.93 Gb Free Space | 1.92% Space Free | Partition Type: NTFS

    Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe (Ckojz sx)
    PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
    PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Billionton System Inc\Billionton USB Wireless LAN\ZDConfig.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Users\Jason\AppData\Local\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
    MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
    SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
    DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
    DRV - (VSPerfDrv100) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
    DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apptrackr.org/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0.12

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/20 17:17:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/06 20:02:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/06 20:02:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 05:03:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/30 05:03:55 | 000,000,000 | ---D | M]

    [2010/03/30 01:43:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
    [2010/10/11 20:20:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions
    [2010/08/14 02:14:27 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/05/20 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/27 00:27:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/05/19 23:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/07/27 00:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\SkipScreen@SkipScreen
    [2010/10/07 22:20:07 | 000,001,832 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\bing.xml
    [2010/06/08 12:30:04 | 000,000,923 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\conduit.xml
    [2010/10/11 20:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/09/23 14:51:56 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

    O1 HOSTS File: ([2010/09/28 01:57:15 | 000,001,955 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 7 more lines...
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [BandwidthMonitor] C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
    O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
    O4 - HKCU..\Run: [FireflyMini] C:\Program Files (x86)\SnapStream Media\Firefly Mini\FireflyMini.exe File not found
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [RTHDBPL] C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe (Ckojz sx)
    O4 - HKCU..\Run: [TPG] C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe (SLOB Enterprises)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/12 16:44:15 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/10/06 20:12:33 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
    [2010/10/06 20:12:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2010/10/06 20:12:33 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
    [2010/10/06 20:12:32 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2010/10/06 20:12:32 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2010/10/06 20:12:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2010/10/06 20:12:03 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2010/10/06 20:12:03 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2010/10/06 20:12:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2010/10/06 20:12:02 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2010/10/06 20:12:02 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2010/10/06 20:12:02 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2010/10/06 20:12:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2010/10/06 20:11:33 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2010/10/06 20:11:33 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2010/10/06 20:11:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2010/10/06 20:11:32 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2010/10/06 20:11:00 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2010/10/06 20:11:00 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2010/10/06 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
    [2010/10/06 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
    [2010/10/06 20:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
    [2010/10/03 02:23:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Friends (iPhone)
    [2010/10/02 19:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Video to GIF
    [2010/09/26 16:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\dvdcss
    [2010/09/24 02:54:30 | 000,468,480 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/09/24 02:54:30 | 000,183,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/09/24 02:54:30 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/09/24 02:54:30 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/09/24 02:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/09/24 02:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Virus Solutions
    [2010/09/24 02:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/09/23 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMB
    [2010/09/23 14:51:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Roaming\SystemProc
    [2010/09/22 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\storage
    [2010/09/22 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Cinema 4D Projects
    [2010/09/22 12:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
    [2010/09/22 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\MAXON
    [2010/09/17 21:44:57 | 000,086,016 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDN50.dll
    [2010/09/17 21:44:57 | 000,054,656 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\SysWow64\ZD1201U.sys
    [2010/09/17 21:44:57 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDNDIS5.sys
    [2010/09/17 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Billionton System Inc
    [2010/09/15 21:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MagicSoftware
    [2010/09/15 21:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDVDRipper
    [2010/09/15 13:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Multimedia
    [2010/09/15 13:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SnapStream
    [2010/09/15 01:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SnapStream Media
    [2010/04/05 19:38:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/12 16:44:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/10/12 16:42:25 | 000,001,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2010/10/12 16:36:24 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/12 16:36:24 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/12 16:35:34 | 000,887,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/12 16:35:34 | 000,738,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/12 16:35:34 | 000,150,630 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/12 16:31:45 | 000,000,023 | ---- | M] () -- C:\Windows\SysWow64\Error.dump
    [2010/10/12 16:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/12 16:31:08 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/11 22:52:29 | 000,015,706 | ---- | M] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:27 | 000,038,400 | ---- | M] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:49:06 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
    [2010/10/10 17:49:06 | 000,001,053 | ---- | M] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/10/10 17:47:16 | 003,036,158 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:22 | 001,244,429 | ---- | M] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:41:49 | 008,171,230 | ---- | M] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:47 | 000,001,441 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/03 02:21:31 | 000,010,691 | ---- | M] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/10/01 14:34:54 | 059,791,528 | ---- | M] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/10/01 02:19:19 | 000,255,350 | ---- | M] () -- C:\Users\Jason\Desktop\jason.psd
    [2010/10/01 00:51:04 | 000,054,702 | ---- | M] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/30 03:04:42 | 000,166,135 | ---- | M] () -- C:\Users\Jason\Desktop\sheeppig.psd
    [2010/09/30 02:30:48 | 000,137,930 | ---- | M] () -- C:\Users\Jason\Desktop\hot dog.psd
    [2010/09/26 16:14:08 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | M] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:54:16 | 000,468,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/09/24 02:54:16 | 000,183,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/09/24 02:54:16 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/09/24 02:54:16 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/09/24 02:44:48 | 000,002,378 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/24 02:44:48 | 000,000,691 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/22 13:11:20 | 000,085,294 | ---- | M] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/17 21:44:57 | 000,002,200 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk
    [2010/09/17 13:08:53 | 003,691,865 | ---- | M] () -- C:\Users\Jason\Desktop\Jasmine V - Serious.mp3
    [2010/09/16 17:09:17 | 001,490,087 | ---- | M] () -- C:\Users\Jason\Desktop\matrix_fall_x_source.rar
    [2010/09/16 01:14:23 | 016,901,601 | ---- | M] () -- C:\Users\Jason\Desktop\trail.wmv
    [2010/09/15 21:44:46 | 000,001,007 | ---- | M] () -- C:\Users\Jason\Desktop\Magic DVD Ripper.lnk
    [2010/09/15 00:37:43 | 000,001,613 | ---- | M] () -- C:\Users\Jason\Desktop\DivX Movies.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/11 00:14:14 | 000,015,706 | ---- | C] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:29 | 000,038,400 | ---- | C] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:26:03 | 003,036,158 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:16 | 001,244,429 | ---- | C] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:38:23 | 008,171,230 | ---- | C] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:43 | 000,001,441 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/01 14:33:17 | 059,791,528 | ---- | C] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/10/01 02:19:17 | 000,255,350 | ---- | C] () -- C:\Users\Jason\Desktop\jason.psd
    [2010/09/30 03:27:48 | 000,054,702 | ---- | C] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/30 03:04:41 | 000,166,135 | ---- | C] () -- C:\Users\Jason\Desktop\sheeppig.psd
    [2010/09/30 02:30:47 | 000,137,930 | ---- | C] () -- C:\Users\Jason\Desktop\hot dog.psd
    [2010/09/26 16:27:12 | 000,010,691 | ---- | C] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/09/26 16:14:08 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | C] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:44:48 | 000,000,691 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/24 02:31:36 | 000,002,378 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/22 13:11:20 | 000,085,294 | ---- | C] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/22 12:18:21 | 000,001,053 | ---- | C] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/09/17 21:44:57 | 000,068,268 | ---- | C] () -- C:\Windows\SysWow64\WS01UPh.bin
    [2010/09/17 21:44:57 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ZDTRLib.DLL
    [2010/09/17 21:44:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ZD12APP.dll
    [2010/09/17 21:44:57 | 000,029,345 | ---- | C] () -- C:\Windows\SysWow64\ZDNDIS3.VXD
    [2010/09/17 21:44:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
    [2010/09/17 21:44:57 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
    [2010/09/17 21:44:57 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk
    [2010/09/17 13:08:40 | 003,691,865 | ---- | C] () -- C:\Users\Jason\Desktop\Jasmine V - Serious.mp3
    [2010/09/16 17:09:10 | 001,490,087 | ---- | C] () -- C:\Users\Jason\Desktop\matrix_fall_x_source.rar
    [2010/09/16 01:07:59 | 016,901,601 | ---- | C] () -- C:\Users\Jason\Desktop\trail.wmv
    [2010/09/15 21:44:46 | 000,001,007 | ---- | C] () -- C:\Users\Jason\Desktop\Magic DVD Ripper.lnk
    [2010/09/15 00:37:43 | 000,001,613 | ---- | C] () -- C:\Users\Jason\Desktop\DivX Movies.lnk
    [2010/09/13 01:57:29 | 013,020,176 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0206.MOV
    [2010/09/07 22:36:07 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2010/09/07 22:35:46 | 000,000,893 | ---- | C] () -- C:\Windows\disney.ini
    [2010/08/05 19:51:30 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/07/19 23:02:22 | 000,000,760 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\setup_ldm.iss
    [2010/07/10 00:15:27 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
    [2010/07/10 00:15:25 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2010/07/10 00:15:24 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/06/25 16:36:04 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
    [2010/06/13 22:51:43 | 000,033,134 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\UserTile.png
    [2010/05/31 13:46:08 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
    [2010/04/29 10:34:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/04/05 19:38:58 | 000,000,034 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
    [2010/04/05 19:38:30 | 000,099,384 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\inst.exe
    [2010/04/05 19:38:30 | 000,007,859 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
    [2010/04/05 19:38:30 | 000,001,167 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
    [2010/04/02 03:59:05 | 000,883,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/03/29 23:49:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2010/03/26 18:11:28 | 000,000,041 | ---- | C] () -- C:\Program Files\New Text Document.txt
    [2010/03/05 19:25:12 | 000,000,927 | ---- | C] () -- C:\Windows\ARPR.INI
    [2010/02/12 22:37:17 | 000,000,017 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
    [2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2007/06/28 21:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2007/06/28 21:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/02/12 22:44:38 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG
    [2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/02/13 16:45:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/08/14 15:52:59 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
    [2010/09/06 21:35:13 | 000,040,682 | -HS- | M] () -- C:\Game.jpg
    [2010/02/12 22:44:35 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2010/10/12 16:31:08 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/03 19:50:52 | 000,000,041 | ---- | M] () -- C:\New Text Document.txt
    [2010/10/12 16:31:09 | 2138,169,343 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/24 02:46:20 | 000,003,483 | ---- | M] () -- C:\rapport.txt
    [2010/09/05 21:29:38 | 000,000,360 | ---- | M] () -- C:\rkill.log
    [2010/09/06 21:35:13 | 000,122,880 | -HS- | M] () -- C:\Trainer.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:FB1B13D8
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

    < End of report >

    OTL Extras logfile created on: 10/12/2010 4:49:29 PM - Run 1
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Jason\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.63 Gb Total Space | 90.63 Gb Free Space | 12.97% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 34.03 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 17.93 Gb Free Space | 1.92% Space Free | Partition Type: NTFS

    Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0x00000000
    "FirewallDisableNotify" = 0x00000000
    "UpdatesDisableNotify" = 0x00000000

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro -- (River Past Corporation)
    "C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro -- (River Past Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
    "{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)
    "{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Audio Converter Pro" = River Past Audio Converter Pro
    "MAXONB6EC381C" = CINEMA 4D 11.514
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealVNC_is1" = VNC Enterprise Edition E4.5.1
    "VNCMirror_is1" = VNC Mirror Driver 1.8.0
    "VNCPrinter_is1" = VNC Printer Driver 1.6.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20140000-000F-0000-0000-0000000FF1CE}" = Microsoft Office Mondo 2010 (Beta)
    "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
    "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
    "{20140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
    "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
    "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
    "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
    "{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
    "{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
    "{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
    "{20140000-0102-0409-0000-0000000FF1CE}" = Microsoft Office MondoOnly MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{34D8A788-9397-4695-86BF-B6920284CC65}_is1" = Power AMR MP3 WAV WMA M4A AC3 Audio Converter 1.6
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{4277D135-5E38-4A5C-B5FB-F6EA03B72283}" = calibre
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43922202-9C8F-466B-8038-16AC60AAEED2}" = Multimedia Driver
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{581CE7EA-A30D-11D6-8496-000008DD0110}" = Billionton USB Wireless LAN
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
    "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.1 build 1218
    "{A92AB371-E1AC-478B-B4C1-62984CFB7396}_is1" = Bandwidth Monitor v3.4 build 757
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.134
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1" = Auto Clicker v1.0
    "{C1D2D7B6-DE54-4634-A7FF-FE386DCB43DB}_is1" = TPG LeechOmeter 2.8
    "{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12345_is1" = WeGame Client Public Beta 1.2.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
    "AI RoboForm" = AI RoboForm (All Users)
    "AMCap" = AMCap
    "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.4
    "Any Video Converter_is1" = Any Video Converter 3.0.5
    "AviSynth" = AviSynth 2.5
    "BitTorrent" = BitTorrent
    "CamStudio" = CamStudio
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
    "Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3
    "DC-Bass Source" = DC-Bass Source 1.1.1
    "Debut" = Debut Video Capture Software
    "DiskAid_is1" = DiskAid 4.05
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ffdshow_is1" = ffdshow v1.1.3356 [2010-04-11]
    "Fraps" = Fraps (remove only)
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.0" = Freecorder 4.0 Application
    "Freecorder4.01" = Freecorder 4.01 Application
    "Game Maker 7.0" = Game Maker 7.0
    "Game Maker 8.0" = Game Maker 8.0
    "G-Force" = G-Force
    "Halo" = Microsoft Halo
    "Halo CE" = Microsoft Halo Custom Edition
    "Icy Tower v1.4_is1" = Icy Tower v1.4
    "ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
    "ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate 6
    "ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
    "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
    "Mafia II_is1" = Mafia II
    "Magic DVD Copier_is1" = Magic DVD Copier Version 4.8
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaInfo" = MediaInfo 0.7.33 (32-bit)
    "MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "MKVtoolnix" = MKVtoolnix 3.3.0
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MP3-Info extension_is1" = MP3-Info extension V3.4.23
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.MONDO" = Microsoft Office Mondo 2010
    "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
    "PunkBusterSvc" = PunkBuster Services
    "save2pc Pro_is1" = save2pc Pro 3.25
    "save2pc_is1" = save2pc 4.04
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Tunatic" = Tunatic
    "Videora iPhone 3G Converter" = Videora iPhone 3G Converter 5.04
    "WhiteCap" = WhiteCap
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Worms Reloaded_is1" = Worms Reloaded
    "XPort 360_is1" = XPort 360
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "YAMB" = YAMB
    "YouTube Downloader App" = YouTube Downloader App 2.03

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi again,

    BitTorrent

    Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others if present) P2P file sharing programs.


    Start OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe (Ckojz sx)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
      FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      :Files
      C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
      C:\Users\Jason\AppData\Roaming\SystemProc
      :Commands
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log


    Uninstall old Adobe Reader versions and get the latest one (9.4) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    Uninstall this old Java:
    Java(TM) 6 Update 19


    Uninstall these toolbars if not installed on purpose:
    Ask Toolbar
    Freecorder Toolbar



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report & a fresh OTL.txt log.
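
Added example, not part of the original post and not OTL's own logic: a Python triage pass over OTL-style lines that flags three kinds of entry that appear in the fix above, namely a process using a core Windows binary name outside the system directories, a loopback `ProxyServer` value, and BHO/toolbar entries with no CLSID. The `SYSTEM_BINARIES` list, the function names and the two benign control lines in the sample are assumptions made for this example.

```python
"""Triage OTL-style log lines for three patterns seen in the fix script above."""
import ipaddress
import ntpath  # Windows path rules, so this runs on any OS
import re

# Assumption: a short, non-exhaustive list of core Windows binaries that
# legitimately load only from the Windows system directories.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

PRC_RE = re.compile(r"^PRC - (?P<path>.+\.exe) \((?P<vendor>.*)\)$", re.I)
IE_RE = re.compile(r'^IE - (?P<key>.+): "(?P<name>\w+)" = (?P<value>.*)$')
ORPHAN_RE = re.compile(
    r"^(?P<tag>O[23]) - (?P<kind>[^:]+): .* - No CLSID value found\.$")

# Lines 1 and 4-7 are copied from the fix script on this page; lines 2-3 are
# constructed benign controls that must not be flagged.
SAMPLE_LOG = r"""
PRC - C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe (Ckojz sx)
PRC - C:\Windows\System32\lsass.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
"""


def proxy_hosts(value):
    """Return the host part of every entry in a WinINET ProxyServer string.

    The value is either "host:port" or "scheme=host:port;scheme=host:port".
    """
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[-1]  # drop an "http=" style prefix
        host = target.rsplit(":", 1)[0] if ":" in target else target
        hosts.append(host.strip("[]"))
    return hosts


def is_loopback(host):
    """True when the proxy host resolves to the local machine by definition."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def triage(log_text):
    """Return (category, detail) findings for the given OTL-style lines."""
    findings = []
    settings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            path = ntpath.normpath(m["path"])
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            # A system binary name is only suspicious when it runs from
            # somewhere other than the system directories.
            if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
                findings.append(("masquerade", path))
            continue
        m = IE_RE.match(line)
        if m:
            settings[m["name"]] = m["value"].strip()
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(("orphan-" + m["tag"], m["kind"]))
    # Proxy values are judged after the loop because ProxyEnable and
    # ProxyServer arrive on separate lines.
    server = settings.get("ProxyServer", "")
    if any(is_loopback(h) for h in proxy_hosts(server)):
        state = "enabled" if settings.get("ProxyEnable") == "1" else "disabled"
        findings.append(("loopback-proxy", f"{server} ({state})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {detail}")
```

A loopback proxy that is currently disabled is still reported, since the leftover value shows that browser traffic was routed through a local listener at some point.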
     
  5. jasonrulz_44

    jasonrulz_44 Thread Starter

    I'm up to the online scanner; however, it's asking me to download 'java framework version 1.6 or later'. Should I? Also, to get a new OTL log, I just run another scan, is that correct?

    thanks
    -Jason
     
  6. Blade81

    Blade81 Malware Specialist

    Hi,

    Yep, get Java 6 Update 22 (JRE) here.
     
  7. jasonrulz_44

    jasonrulz_44 Thread Starter

    I installed the Java 6, it still tells me to get version 1.6 or later and it takes me to the Java site. It also says

    'Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.'

    I only have firewall and Windows Defender, and even when I turn them off it still won't work.
    Thanks
     
  8. Blade81

    Blade81 Malware Specialist

    Please see if ESET scanner works better:
    • Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish. Post back the results.
     
  9. jasonrulz_44

    jasonrulz_44 Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    7
    I'm so sorry but this doesn't work either. After I click 'yes, i accept the conditions', then once I click install ActiveX, nothing happens after that, and I have tried it many different times.
     
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Let's skip online scanners and do a full scan with updated MBAM instead. So, please update MBAM before doing the scan with it (let MBAM delete found items). Post back the report + OTL related reports (result report after that OTL fix above + fresh OTL.txt contents).
     
  11. jasonrulz_44

    jasonrulz_44 Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    7
    1st .txt is OTL.txt after the OTL fix
    2nd .txt is MBAM.txt after quarantine
    3rd .txt is OTL.txt after MBAM


    OTL logfile created on: 10/17/2010 12:54:13 PM - Run 2
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Jason\Desktop\OTL
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.63 Gb Total Space | 70.68 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 34.69 Gb Free Space | 7.45% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 17.54 Gb Free Space | 1.88% Space Free | Partition Type: NTFS

    Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jason\Desktop\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
    PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
    PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Billionton System Inc\Billionton USB Wireless LAN\ZDConfig.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\AppData\Local\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
    MOD - C:\Users\Jason\Desktop\OTL\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
    MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
    SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
    DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
    DRV - (VSPerfDrv100) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
    DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apptrackr.org/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0.12

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/20 17:17:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/06 20:02:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/06 20:02:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 05:03:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/14 02:49:32 | 000,000,000 | ---D | M]

    [2010/03/30 01:43:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
    [2010/10/15 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions
    [2010/08/14 02:14:27 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/05/20 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/27 00:27:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/05/19 23:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/07/27 00:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\SkipScreen@SkipScreen
    [2010/10/07 22:20:07 | 000,001,832 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\bing.xml
    [2010/06/08 12:30:04 | 000,000,923 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\conduit.xml
    [2010/10/14 02:54:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/28 01:57:15 | 000,001,955 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 7 more lines...
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [BandwidthMonitor] C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
    O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
    O4 - HKCU..\Run: [FireflyMini] C:\Program Files (x86)\SnapStream Media\Firefly Mini\FireflyMini.exe File not found
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [RTHDBPL] C:\Users\Jason\AppData\Roaming\SystemProc\lsass.exe File not found
    O4 - HKCU..\Run: [TPG] C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe (SLOB Enterprises)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/16 20:13:16 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jason\Desktop\mbam-setup.exe
    [2010/10/14 17:21:58 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/10/14 17:21:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/10/14 17:21:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/10/14 03:03:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple
    [2010/10/14 03:02:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple Computer
    [2010/10/14 02:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/10/14 02:48:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
    [2010/10/14 02:47:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\AdbeRdrUpd940_mui
    [2010/10/14 02:40:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/14 02:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/12 20:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
    [2010/10/12 16:56:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\OTL
    [2010/10/06 20:12:33 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
    [2010/10/06 20:12:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2010/10/06 20:12:33 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
    [2010/10/06 20:12:32 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2010/10/06 20:12:32 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2010/10/06 20:12:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2010/10/06 20:12:03 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2010/10/06 20:12:03 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2010/10/06 20:12:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2010/10/06 20:12:02 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2010/10/06 20:12:02 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2010/10/06 20:12:02 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2010/10/06 20:12:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2010/10/06 20:11:33 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2010/10/06 20:11:33 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2010/10/06 20:11:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2010/10/06 20:11:32 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2010/10/06 20:11:00 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2010/10/06 20:11:00 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2010/10/06 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
    [2010/10/06 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
    [2010/10/06 20:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
    [2010/10/03 02:23:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Friends (iPhone)
    [2010/10/02 19:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Video to GIF
    [2010/09/26 16:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\dvdcss
    [2010/09/24 02:54:30 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/09/24 02:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/09/24 02:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Virus Solutions
    [2010/09/24 02:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/09/23 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMB
    [2010/09/22 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\storage
    [2010/09/22 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Cinema 4D Projects
    [2010/09/22 12:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
    [2010/09/22 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\MAXON
    [2010/09/17 21:44:57 | 000,086,016 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDN50.dll
    [2010/09/17 21:44:57 | 000,054,656 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\SysWow64\ZD1201U.sys
    [2010/09/17 21:44:57 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDNDIS5.sys
    [2010/09/17 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Billionton System Inc
    [2010/04/05 19:38:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/17 12:57:10 | 000,887,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/17 12:57:10 | 000,738,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/17 12:57:10 | 000,150,630 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/17 12:56:43 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 12:56:43 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 12:55:11 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/17 12:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/17 12:51:28 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/16 20:13:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jason\Desktop\mbam-setup.exe
    [2010/10/15 08:58:36 | 3583,018,285 | ---- | M] () -- C:\Users\Jason\Desktop\Quantum of Solace (720p-Bluray).mp4
    [2010/10/14 17:21:53 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/10/14 17:21:53 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/10/14 17:21:53 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/10/14 17:21:53 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/10/14 08:18:30 | 069,617,944 | ---- | M] () -- C:\Users\Jason\Desktop\jdk-6u22-windows-x64.exe
    [2010/10/14 02:48:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
    [2010/10/13 22:06:10 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
    [2010/10/12 20:17:37 | 000,001,793 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
    [2010/10/12 16:42:25 | 000,001,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2010/10/12 16:31:45 | 000,000,023 | ---- | M] () -- C:\Windows\SysWow64\Error.dump
    [2010/10/12 16:12:35 | 000,812,216 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0027.PNG
    [2010/10/12 16:05:49 | 000,317,698 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0026.PNG
    [2010/10/12 16:05:15 | 000,318,959 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0025.PNG
    [2010/10/12 16:04:33 | 000,317,012 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0024.PNG
    [2010/10/12 16:04:25 | 000,319,881 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0023.PNG
    [2010/10/12 16:04:15 | 000,318,355 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0022.PNG
    [2010/10/11 22:52:29 | 000,015,706 | ---- | M] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:27 | 000,038,400 | ---- | M] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:49:06 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
    [2010/10/10 17:49:06 | 000,001,053 | ---- | M] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/10/10 17:47:16 | 003,036,158 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:22 | 001,244,429 | ---- | M] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:41:49 | 008,171,230 | ---- | M] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:47 | 000,001,441 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/03 02:21:31 | 000,010,691 | ---- | M] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/10/01 14:34:54 | 059,791,528 | ---- | M] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/10/01 00:51:04 | 000,054,702 | ---- | M] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/26 16:14:08 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | M] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:44:48 | 000,002,378 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/24 02:44:48 | 000,000,691 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/22 13:11:20 | 000,085,294 | ---- | M] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/17 21:44:57 | 000,002,200 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk
    [2010/09/17 13:08:53 | 003,691,865 | ---- | M] () -- C:\Users\Jason\Desktop\Jasmine V - Serious.mp3

    ========== Files Created - No Company Name ==========

    [2010/10/17 12:55:11 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 07:59:38 | 3583,018,285 | ---- | C] () -- C:\Users\Jason\Desktop\Quantum of Solace (720p-Bluray).mp4
    [2010/10/14 08:18:30 | 069,617,944 | ---- | C] () -- C:\Users\Jason\Desktop\jdk-6u22-windows-x64.exe
    [2010/10/12 20:17:38 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
    [2010/10/12 20:17:37 | 000,001,793 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
    [2010/10/12 19:32:18 | 000,812,216 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0027.PNG
    [2010/10/12 19:32:18 | 000,317,698 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0026.PNG
    [2010/10/12 19:32:17 | 000,318,959 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0025.PNG
    [2010/10/12 19:32:17 | 000,317,012 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0024.PNG
    [2010/10/12 19:32:16 | 000,319,881 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0023.PNG
    [2010/10/12 19:32:16 | 000,318,355 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0022.PNG
    [2010/10/11 00:14:14 | 000,015,706 | ---- | C] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:29 | 000,038,400 | ---- | C] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:26:03 | 003,036,158 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:16 | 001,244,429 | ---- | C] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:38:23 | 008,171,230 | ---- | C] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:43 | 000,001,441 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/01 14:33:17 | 059,791,528 | ---- | C] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/09/30 03:27:48 | 000,054,702 | ---- | C] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/26 16:27:12 | 000,010,691 | ---- | C] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/09/26 16:14:08 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | C] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:44:48 | 000,000,691 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/24 02:31:36 | 000,002,378 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/22 13:11:20 | 000,085,294 | ---- | C] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/22 12:18:21 | 000,001,053 | ---- | C] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/09/17 21:44:57 | 000,068,268 | ---- | C] () -- C:\Windows\SysWow64\WS01UPh.bin
    [2010/09/17 21:44:57 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ZDTRLib.DLL
    [2010/09/17 21:44:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ZD12APP.dll
    [2010/09/17 21:44:57 | 000,029,345 | ---- | C] () -- C:\Windows\SysWow64\ZDNDIS3.VXD
    [2010/09/17 21:44:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
    [2010/09/17 21:44:57 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
    [2010/09/17 21:44:57 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk
    [2010/09/17 13:08:40 | 003,691,865 | ---- | C] () -- C:\Users\Jason\Desktop\Jasmine V - Serious.mp3
    [2010/09/07 22:36:07 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2010/09/07 22:35:46 | 000,000,893 | ---- | C] () -- C:\Windows\disney.ini
    [2010/08/05 19:51:30 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/07/19 23:02:22 | 000,000,760 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\setup_ldm.iss
    [2010/07/10 00:15:27 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
    [2010/07/10 00:15:25 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2010/07/10 00:15:24 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/06/25 16:36:04 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
    [2010/06/13 22:51:43 | 000,033,134 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\UserTile.png
    [2010/05/31 13:46:08 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
    [2010/04/29 10:34:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/04/05 19:38:58 | 000,000,034 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
    [2010/04/05 19:38:30 | 000,099,384 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\inst.exe
    [2010/04/05 19:38:30 | 000,007,859 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
    [2010/04/05 19:38:30 | 000,001,167 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
    [2010/04/02 03:59:05 | 000,883,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/03/29 23:49:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2010/03/26 18:11:28 | 000,000,041 | ---- | C] () -- C:\Program Files\New Text Document.txt
    [2010/03/05 19:25:12 | 000,000,927 | ---- | C] () -- C:\Windows\ARPR.INI
    [2010/02/12 22:37:17 | 000,000,017 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
    [2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2007/06/28 21:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2007/06/28 21:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:FB1B13D8
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    < End of report >

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4855
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    10/17/2010 2:17:16 PM
    mbam-log-2010-10-17 (14-17-16).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 460839
    Time elapsed: 1 hour(s), 9 minute(s), 29 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.

    OTL logfile created on: 10/17/2010 2:28:05 PM - Run 3
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Jason\Desktop\OTL
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
    12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.63 Gb Total Space | 61.77 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 34.69 Gb Free Space | 7.45% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 17.54 Gb Free Space | 1.88% Space Free | Partition Type: NTFS

    Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jason\Desktop\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
    PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Billionton System Inc\Billionton USB Wireless LAN\ZDConfig.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\AppData\Local\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
    MOD - C:\Users\Jason\Desktop\OTL\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
    MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
    SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
    DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
    DRV - (VSPerfDrv100) -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
    DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apptrackr.org/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0.12

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/20 17:17:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/06 20:02:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/06 20:02:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 05:03:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/14 02:49:32 | 000,000,000 | ---D | M]

    [2010/03/30 01:43:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
    [2010/10/15 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions
    [2010/08/14 02:14:27 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/05/20 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/27 00:27:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
    [2010/10/10 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/05/19 23:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\[email protected]
    [2010/07/27 00:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\extensions\SkipScreen@SkipScreen
    [2010/10/07 22:20:07 | 000,001,832 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\bing.xml
    [2010/06/08 12:30:04 | 000,000,923 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tmmg8nit.default\searchplugins\conduit.xml
    [2010/10/14 02:54:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/28 01:57:15 | 000,001,955 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 7 more lines...
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [BandwidthMonitor] C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
    O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
    O4 - HKCU..\Run: [FireflyMini] C:\Program Files (x86)\SnapStream Media\Firefly Mini\FireflyMini.exe File not found
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [TPG] C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe (SLOB Enterprises)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/10/14 02:32:17 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/10/17 12:58:13 | 000,000,000 | ---D | M]
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2836-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{460a2837-559f-11df-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/17 13:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Medal of Honor soundtracks
    [2010/10/16 20:13:16 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jason\Desktop\mbam-setup.exe
    [2010/10/14 17:21:58 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/10/14 17:21:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/10/14 17:21:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/10/14 03:03:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple
    [2010/10/14 03:02:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple Computer
    [2010/10/14 02:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/10/14 02:48:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
    [2010/10/14 02:47:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\AdbeRdrUpd940_mui
    [2010/10/14 02:40:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/14 02:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/12 20:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
    [2010/10/12 16:56:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\OTL
    [2010/10/06 20:12:33 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2010/10/06 20:12:33 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
    [2010/10/06 20:12:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2010/10/06 20:12:33 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
    [2010/10/06 20:12:32 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2010/10/06 20:12:32 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2010/10/06 20:12:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2010/10/06 20:12:03 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2010/10/06 20:12:03 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2010/10/06 20:12:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2010/10/06 20:12:02 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2010/10/06 20:12:02 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2010/10/06 20:12:02 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2010/10/06 20:12:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2010/10/06 20:11:33 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2010/10/06 20:11:33 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2010/10/06 20:11:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2010/10/06 20:11:32 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2010/10/06 20:11:00 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2010/10/06 20:11:00 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2010/10/06 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
    [2010/10/06 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
    [2010/10/06 20:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
    [2010/10/03 02:23:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Friends (iPhone)
    [2010/10/02 19:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Video to GIF
    [2010/09/26 16:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\dvdcss
    [2010/09/24 02:54:30 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/09/24 02:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/09/24 02:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Virus Solutions
    [2010/09/24 02:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/09/23 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMB
    [2010/09/22 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\storage
    [2010/09/22 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Cinema 4D Projects
    [2010/09/22 12:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
    [2010/09/22 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\MAXON
    [2010/09/17 21:44:57 | 000,086,016 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDN50.dll
    [2010/09/17 21:44:57 | 000,054,656 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\SysWow64\ZD1201U.sys
    [2010/09/17 21:44:57 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\ZDNDIS5.sys
    [2010/09/17 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Billionton System Inc
    [2010/04/05 19:38:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/17 14:25:41 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 14:25:41 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 14:24:50 | 000,887,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/17 14:24:50 | 000,738,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/17 14:24:50 | 000,150,630 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/17 14:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/17 14:20:27 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/17 12:55:11 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 20:13:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jason\Desktop\mbam-setup.exe
    [2010/10/15 08:58:36 | 3583,018,285 | ---- | M] () -- C:\Users\Jason\Desktop\Quantum of Solace (720p-Bluray).mp4
    [2010/10/14 17:21:53 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2010/10/14 17:21:53 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2010/10/14 17:21:53 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2010/10/14 17:21:53 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2010/10/14 08:18:30 | 069,617,944 | ---- | M] () -- C:\Users\Jason\Desktop\jdk-6u22-windows-x64.exe
    [2010/10/14 02:48:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jason\Desktop\ATF-Cleaner.exe
    [2010/10/13 22:06:10 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
    [2010/10/12 20:17:37 | 000,001,793 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
    [2010/10/12 16:42:25 | 000,001,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2010/10/12 16:31:45 | 000,000,023 | ---- | M] () -- C:\Windows\SysWow64\Error.dump
    [2010/10/12 16:12:35 | 000,812,216 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0027.PNG
    [2010/10/12 16:05:49 | 000,317,698 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0026.PNG
    [2010/10/12 16:05:15 | 000,318,959 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0025.PNG
    [2010/10/12 16:04:33 | 000,317,012 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0024.PNG
    [2010/10/12 16:04:25 | 000,319,881 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0023.PNG
    [2010/10/12 16:04:15 | 000,318,355 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0022.PNG
    [2010/10/11 22:52:29 | 000,015,706 | ---- | M] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:27 | 000,038,400 | ---- | M] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:49:06 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
    [2010/10/10 17:49:06 | 000,001,053 | ---- | M] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/10/10 17:47:16 | 003,036,158 | ---- | M] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:22 | 001,244,429 | ---- | M] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:41:49 | 008,171,230 | ---- | M] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:47 | 000,001,441 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/03 02:21:31 | 000,010,691 | ---- | M] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/10/01 14:34:54 | 059,791,528 | ---- | M] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/10/01 00:51:04 | 000,054,702 | ---- | M] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/26 16:14:08 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | M] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:44:48 | 000,002,378 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/24 02:44:48 | 000,000,691 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/22 13:11:20 | 000,085,294 | ---- | M] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/17 21:44:57 | 000,002,200 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/17 12:55:11 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 07:59:38 | 3583,018,285 | ---- | C] () -- C:\Users\Jason\Desktop\Quantum of Solace (720p-Bluray).mp4
    [2010/10/14 08:18:30 | 069,617,944 | ---- | C] () -- C:\Users\Jason\Desktop\jdk-6u22-windows-x64.exe
    [2010/10/12 20:17:38 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
    [2010/10/12 20:17:37 | 000,001,793 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
    [2010/10/12 19:32:18 | 000,812,216 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0027.PNG
    [2010/10/12 19:32:18 | 000,317,698 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0026.PNG
    [2010/10/12 19:32:17 | 000,318,959 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0025.PNG
    [2010/10/12 19:32:17 | 000,317,012 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0024.PNG
    [2010/10/12 19:32:16 | 000,319,881 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0023.PNG
    [2010/10/12 19:32:16 | 000,318,355 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0022.PNG
    [2010/10/11 00:14:14 | 000,015,706 | ---- | C] () -- C:\Users\Jason\Desktop\Macbeth Essay.docx
    [2010/10/10 23:59:29 | 000,038,400 | ---- | C] () -- C:\Users\Jason\Desktop\WRITING+AN+ESSAY+using+teel.doc
    [2010/10/10 17:26:03 | 003,036,158 | ---- | C] () -- C:\Users\Jason\Desktop\IMG_0416.JPG
    [2010/10/09 17:43:16 | 001,244,429 | ---- | C] () -- C:\Users\Jason\Desktop\tears_sun1.mp3
    [2010/10/09 12:38:23 | 008,171,230 | ---- | C] () -- C:\Users\Jason\Documents\Sat Oct 09 12;38;23 2010.mp3
    [2010/10/06 20:17:43 | 000,001,441 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/01 14:33:17 | 059,791,528 | ---- | C] () -- C:\Users\Jason\Desktop\Bluray Add.avi
    [2010/09/30 03:27:48 | 000,054,702 | ---- | C] () -- C:\Users\Jason\Desktop\Untitled Project.aep
    [2010/09/26 16:27:12 | 000,010,691 | ---- | C] () -- C:\Users\Jason\Documents\dvd_ripper_largeCover.jpg
    [2010/09/26 16:14:08 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO DVD Ripper Ultimate 6.lnk
    [2010/09/25 20:02:50 | 000,000,572 | ---- | C] () -- C:\Users\Jason\Desktop\Fraps.lnk
    [2010/09/24 02:44:48 | 000,000,691 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\GetValue.vbs
    [2010/09/24 02:44:48 | 000,000,035 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\SetValue.bat
    [2010/09/24 02:31:36 | 000,002,378 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
    [2010/09/22 13:11:20 | 000,085,294 | ---- | C] () -- C:\Users\Jason\Documents\body.c4d
    [2010/09/22 12:18:21 | 000,001,053 | ---- | C] () -- C:\Users\Jason\Desktop\CINEMA 4D.lnk
    [2010/09/17 21:44:57 | 000,068,268 | ---- | C] () -- C:\Windows\SysWow64\WS01UPh.bin
    [2010/09/17 21:44:57 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ZDTRLib.DLL
    [2010/09/17 21:44:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ZD12APP.dll
    [2010/09/17 21:44:57 | 000,029,345 | ---- | C] () -- C:\Windows\SysWow64\ZDNDIS3.VXD
    [2010/09/17 21:44:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
    [2010/09/17 21:44:57 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
    [2010/09/17 21:44:57 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDConfig.lnk
    [2010/09/07 22:36:07 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2010/09/07 22:35:46 | 000,000,893 | ---- | C] () -- C:\Windows\disney.ini
    [2010/08/05 19:51:30 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/07/19 23:02:22 | 000,000,760 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\setup_ldm.iss
    [2010/07/10 00:15:27 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
    [2010/07/10 00:15:25 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2010/07/10 00:15:24 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/06/25 16:36:04 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
    [2010/06/13 22:51:43 | 000,033,134 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\UserTile.png
    [2010/05/31 13:46:08 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
    [2010/04/29 10:34:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/04/05 19:38:58 | 000,000,034 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
    [2010/04/05 19:38:30 | 000,099,384 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\inst.exe
    [2010/04/05 19:38:30 | 000,007,859 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
    [2010/04/05 19:38:30 | 000,001,167 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
    [2010/04/02 03:59:05 | 000,883,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/03/29 23:49:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2010/03/26 18:11:28 | 000,000,041 | ---- | C] () -- C:\Program Files\New Text Document.txt
    [2010/03/05 19:25:12 | 000,000,927 | ---- | C] () -- C:\Windows\ARPR.INI
    [2010/02/12 22:37:17 | 000,000,017 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
    [2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2007/06/28 21:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2007/06/28 21:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:FB1B13D8
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    < End of report >



    thanks
     
  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Good. Any issues left?
     
  13. jasonrulz_44

    jasonrulz_44 Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    7
    No more issues, thank you so much for your help :)
     
  14. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    You're welcome :)


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

    C. Turn ON System Restore.
    Follow the same steps as when disabling System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.


    • Double-click OTL.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free): Microsoft Office Update.

    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
    • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
      Antivir
      Avast!
      Good commercial ones are from:
      Kaspersky and
      ESET


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade :cool:
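
The Internet zone settings listed in the post above can be checked from PowerShell instead of clicking through the Custom Level dialog. This is an added example, not part of the original post: the registry path and the numeric URL action IDs are the standard Internet Explorer zone values and do not appear in the thread, and the sample hashtable is constructed. The script only reads settings.

```powershell
# Audit the Internet zone (zone 3) against the six settings recommended in the post.
# Requires PowerShell 3.0 or later. Read-only: nothing is written to the registry.
# Assumption (not in the post): per-user zone settings live under this key, one
# DWORD per URL action, where 0 = Enable, 1 = Prompt, 3 = Disable.
$InternetZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID -> dialog label used in the post -> value the post recommends.
$Recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-ZoneSettings {
    # Returns a hashtable of the audited URL actions that are present under $Path.
    param([string]$Path = $InternetZone)
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    $found = @{}
    foreach ($r in $Recommended) {
        $p = $props.PSObject.Properties[$r.Id]
        if ($p) { $found[$r.Id] = $p.Value }
    }
    $found
}

function Compare-ZoneSettings {
    # Compares a hashtable of URL action values with the recommended ones.
    # A numerically higher value is at least as strict (Enable < Prompt < Disable).
    param([Parameter(Mandatory = $true)][hashtable]$Actual)
    foreach ($r in $Recommended) {
        if ($Actual.ContainsKey($r.Id)) {
            $have = [int]$Actual[$r.Id]
            $current = if ($Meaning.ContainsKey($have)) { $Meaning[$have] } else { "value $have" }
            $status = if ($have -ge $r.Want) { 'OK' } else { 'WEAKER' }
        } else {
            $current = '(not set)'
            $status = 'NOT SET'
        }
        [pscustomobject]@{
            Action      = $r.Id
            Setting     = $r.Name
            Recommended = $Meaning[$r.Want]
            Current     = $current
            Status      = $status
        }
    }
}

# Constructed sample values (not taken from the machine in this thread):
# signed ActiveX left on Enable, unsafe ActiveX scripting on Prompt, 1607 missing.
$sample = @{ '1001' = 0; '1004' = 3; '1201' = 1; '1800' = 1; '1804' = 1 }
Compare-ZoneSettings -Actual $sample | Format-Table -AutoSize

# On a live system, audit the current user's Internet zone:
# Compare-ZoneSettings -Actual (Get-ZoneSettings) | Format-Table -AutoSize
```

Rows reported as WEAKER or NOT SET are the ones to correct in the Custom Level dialog as the post describes.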
     

Short URL to this thread: https://techguy.org/952697