Registry Problems please help [Solved]


  • This topic is locked

#16
Help Help

    Member

  • Topic Starter
  • 33 posts
Just ran an updated MBAM scan.
Here is the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4018

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/21/2010 6:49:10 PM
mbam-log-2010-04-21 (18-49-10).txt

Scan type: Quick scan
Objects scanned: 110437
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 14
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 89

Memory Processes Infected:
c:\program files (x86)\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\Temp\ctv4174 .exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
c:\Windows\System32\FastUv32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastuserswitchingcompatibility (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zoqyivvcd9 (Rootkit.Tent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobeupdater6 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\egistecliveupdate (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nortononlinebackupreminder (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lmanager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\clistart.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startccc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remotecontrol8 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pdvd8languageshortcut (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acer assist launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcssync (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\FastUv32.dll (Backdoor.Bot) -> Delete on reboot.
c:\program files (x86)\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\ctv4174 .exe (Trojan.Downloader) -> Delete on reboot.
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Launch Manager\lmanager.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\clistart.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CyberLink\PowerDVD8\Language\language.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Acer\Acer Assist\launcher.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Microsoft Office\Office14\bcssync.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\bnfvbt0i0t.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2015645204-2290736338-130079446-1001\$RVEZIRO.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\bnfvbt0i0t.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Windows\System32\diskchk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\reader_s .exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\zoqyivvcd9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\122511744.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\12400622.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\1276961910.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\1886270490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\1944827199.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\1961479364.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\2463629597.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\2803280513.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\2994776.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\3584726968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\3933601.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\683401587.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\699591819.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\811461440.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\9380967.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\arscnwomxe.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\b1qypg3cbvo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\ctv176 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\ctv39404 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\ctv40652 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\geurge .exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\geurge.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\hexdump .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\hexdump.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\notepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\rfyhlujh.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\rknfl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\secnwmxaor.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\taskmgr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\uaufqma .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\user .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\user .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\winamp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\winamp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\Temp\wqmxpsuc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\ctv175657 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\ctv33066 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\ctv75067 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\ctv84117 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\services .exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\laptop\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\laptop\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

#17
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?



NEXT:



Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> atibtmon.exe -> C:\Windows\SysWow64\atibtmon.exe
YY -> ctv4174 .exe -> C:\Windows\Temp\ctv4174 .exe
[Win32 Services - Safe List]
YY -> (Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files (x86)\Common Files\Akamai\rswin_3653.dll
[Driver Services - Safe List]
YY -> (zoqyivvcd9) zoqyivvcd9 [Kernel | System | Stopped] -> C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\prefs.js
YN -> browser.search.defaulturl -> "http://www3.iamwired.net/websearch.php?src=tops&search="
YN -> keyword.URL -> "http://www3.iamwired.net/websearch.php?src=tops&search="
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> "InnoSetupRegFile.0000000001" -> C:\Windows\is-P5449.exe ["C:\Windows\is-P5449.exe" /REG]
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe]
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe]
< Run [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "hf8wefhuaihf8ewfydiujhfdsfdf" -> C:\Users\Laptop\AppData\Local\Temp\wqmxpsuc	  .exe [C:\Users\Laptop\appdata\local\temp\wqmxpsuc	  .exe]
YY -> "hsf87efjhdsf87f3jfsdi7fhsujfd" -> C:\Users\Laptop\AppData\Local\Temp\user.exe [C:\Users\Laptop\AppData\Local\Temp\user.exe]
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoActiveDesktop" -> [1]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html]
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
YN -> /pagefile -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
YN -> /pagefile -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {09DA61E3-024F-47CA-9567-62B12BF5279E} -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
YN -> {4B5A1ED1-A5B7-422D-96BE-F102C2E3933C} -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
YN -> {7A41E530-0B15-4C29-B355-9E06282495F0} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
YN -> {80657D29-2041-4416-9B86-A5916C4C8BDA} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
YN -> TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=6 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
YN -> UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=17 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
[Registry - Additional Scans - Safe List]
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx
NY -> The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx
NY -> is-P5449.exe -> C:\Windows\is-P5449.exe
NY -> is-P5449.msg -> C:\Windows\is-P5449.msg
NY -> is-P5449.lst -> C:\Windows\is-P5449.lst
NY -> Breaking+Bad+3x05+Mas.divx -> C:\Users\Laptop\Desktop\Breaking+Bad+3x05+Mas.divx
NY -> +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx
NY -> exefix.reg -> C:\Users\Laptop\Desktop\exefix.reg
NY -> IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75
NY -> IGI4W75 -> C:\ProgramData\IGI4W75
NY -> +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx
NY -> +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx
NY -> +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx
NY -> regedit.vbs -> C:\Users\Laptop\Desktop\regedit.vbs
NY -> 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037
NY -> 3351340037 -> C:\ProgramData\3351340037
NY -> +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx
NY -> +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx
NY -> +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx
NY -> MRT.INI -> C:\Windows\SysNative\MRT.INI
NY -> +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx
NY -> zoqyivvcd9.sys -> C:\Windows\SysWow64\drivers\zoqyivvcd9.sys
NY -> ave.exe -> C:\Users\Laptop\AppData\Local\ave.exe
NY -> bnfvbt0i0t.dll -> C:\Windows\SysWow64\bnfvbt0i0t.dll
NY -> +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx
NY -> Justified+1x05+The+Lord+of+War+and+Thunder.divx -> C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx
NY -> National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx
NY -> 363 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY -> 328 C:\Users\Laptop\AppData\Local\Temp\*.tmp files -> C:\Users\Laptop\AppData\Local\Temp\*.tmp
[Files - No Company Name]
NY -> The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx
NY -> +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx
NY -> +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx
NY -> +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx
NY -> +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx
NY -> +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx
NY -> zoqyivvcd9.sys -> C:\Windows\SysWow64\drivers\zoqyivvcd9.sys
NY -> +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx
NY -> Justified+1x05+The+Lord+of+War+and+Thunder.divx -> C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx
NY -> National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx
[Custom Scans]
NY -> zoqyivvcd9.sys -> C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys
[Alternate Data Streams]
NY -> @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C8B8CEBD
[Custom Items]
:files
C:\Windows\tasks\At*.job
:end
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you either that it is finished or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Re-Running OTS
  • On your Desktop double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post the new OTS log in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS fix.
3. The log that was produced after running the ESET Online Scanner.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#18
Help Help

    Member

  • Topic Starter
  • 33 posts
****..I'll get right on contacting my bank/etc.

Here's the OTS fix log:

All Processes Killed
[Processes - Safe List]
No active process named atibtmon.exe was found!
File C:\Windows\SysWow64\atibtmon.exe not found.
No active process named ctv4174 .exe was found!
File C:\Windows\Temp\ctv4174 .exe not found.
[Win32 Services - Safe List]
Service Akamai stopped successfully!
Service Akamai deleted successfully!
DllUnregisterServer procedure not found in c:\Program Files (x86)\Common Files\Akamai\rswin_3653.dll
c:\Program Files (x86)\Common Files\Akamai\rswin_3653.dll moved successfully.
[Driver Services - Safe List]
Error: No service named zoqyivvcd9 was found to stop!
Service\Driver key zoqyivvcd9 not found.
File C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys not found.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 not found.
File C:\Windows\is-P5449.exe not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hf8wefhuaihf8ewfydiujhfdsfdf not found.
File C:\Users\Laptop\AppData\Local\Temp\wqmxpsuc .exe not found.
Registry value HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hsf87efjhdsf87f3jfsdi7fhsujfd not found.
File C:\Users\Laptop\AppData\Local\Temp\user.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\/pagefile not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09DA61E3-024F-47CA-9567-62B12BF5279E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DA61E3-024F-47CA-9567-62B12BF5279E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B5A1ED1-A5B7-422D-96BE-F102C2E3933C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B5A1ED1-A5B7-422D-96BE-F102C2E3933C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A41E530-0B15-4C29-B355-9E06282495F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A41E530-0B15-4C29-B355-9E06282495F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80657D29-2041-4416-9B86-A5916C4C8BDA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80657D29-2041-4416-9B86-A5916C4C8BDA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe not found.
[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
[Files/Folders - Modified Within 30 Days]
File C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx not found!
File C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx not found!
File C:\Windows\is-P5449.exe not found!
File C:\Windows\is-P5449.msg not found!
File C:\Windows\is-P5449.lst not found!
File C:\Users\Laptop\Desktop\Breaking+Bad+3x05+Mas.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx not found!
File C:\Users\Laptop\Desktop\exefix.reg not found!
File C:\Users\Laptop\AppData\Local\IGI4W75 not found!
C:\ProgramData\IGI4W75 moved successfully.
File C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx not found!
File C:\Users\Laptop\Desktop\regedit.vbs not found!
File C:\Users\Laptop\AppData\Local\3351340037 not found!
C:\ProgramData\3351340037 moved successfully.
File C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx not found!
C:\Windows\SysNative\MRT.INI moved successfully.
File C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx not found!
File C:\Windows\SysWow64\drivers\zoqyivvcd9.sys not found!
File C:\Users\Laptop\AppData\Local\ave.exe not found!
File C:\Windows\SysWow64\bnfvbt0i0t.dll not found!
File C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx not found!
File C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx not found!
File C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx not found!
File C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx not found!
File C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx not found!
[Files - No Company Name]
File C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx not found!
File C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx not found!
File C:\Windows\SysWow64\drivers\zoqyivvcd9.sys not found!
File C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx not found!
File C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx not found!
File C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx not found!
File C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx not found!
File C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx not found!
[Custom Scans]
File/Folder C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys not found.
[Alternate Data Streams]
ADS C:\ProgramData\Temp:C8B8CEBD deleted successfully.
[Custom Items]
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At206.job moved successfully.
C:\Windows\tasks\At207.job moved successfully.
C:\Windows\tasks\At208.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\At916.job moved successfully.
C:\Windows\tasks\At917.job moved successfully.
C:\Windows\tasks\At918.job moved successfully.
C:\Windows\tasks\At919.job moved successfully.
C:\Windows\tasks\At920.job moved successfully.
C:\Windows\tasks\At921.job moved successfully.
C:\Windows\tasks\At922.job moved successfully.
C:\Windows\tasks\At923.job moved successfully.
C:\Windows\tasks\At924.job moved successfully.
C:\Windows\tasks\At925.job moved successfully.
C:\Windows\tasks\At926.job moved successfully.
C:\Windows\tasks\At927.job moved successfully.
C:\Windows\tasks\At928.job moved successfully.
C:\Windows\tasks\At929.job moved successfully.
C:\Windows\tasks\At930.job moved successfully.
C:\Windows\tasks\At931.job moved successfully.
C:\Windows\tasks\At932.job moved successfully.
C:\Windows\tasks\At933.job moved successfully.
C:\Windows\tasks\At934.job moved successfully.
C:\Windows\tasks\At935.job moved successfully.
C:\Windows\tasks\At936.job moved successfully.
C:\Windows\tasks\At937.job moved successfully.
C:\Windows\tasks\At938.job moved successfully.
C:\Windows\tasks\At939.job moved successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laptop
->Temp folder emptied: 822699302 bytes
->Temporary Internet Files folder emptied: 47647429 bytes
->Java cache emptied: 46926982 bytes
->FireFox cache emptied: 101760422 bytes
->Flash cache emptied: 116367 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 699904 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80708426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 738426717 bytes

Total Files Cleaned = 1,754.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.28.3 fix logfile created on 04212010_230552

Files\Folders moved on Reboot...
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Edited by Help Help, 21 April 2010 - 11:22 PM.


#19
Help Help

Here is the ESET:

C:\Program Files (x86)\AIM\aim .exe a variant of Win32/Kryptik.DSY trojan
C:\Program Files (x86)\AIM\aim .exe a variant of Win32/Kryptik.DSY trojan
C:\Program Files (x86)\AIM\aim .exe a variant of Win32/Kryptik.DSY trojan
C:\Program Files (x86)\AIM\aim .exe a variant of Win32/Kryptik.DSY trojan
C:\Program Files (x86)\AIM\aim .exe a variant of Win32/Kryptik.DSY trojan
C:\Program Files (x86)\AIM\aim.exe a variant of Win32/Kryptik.DSY trojan
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK BOT.exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR(2).exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR.exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\Downloads\DaRK BOT.exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\Downloads\DaRK DDoSeR(2).exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\Downloads\DaRK DDoSeR.exe a variant of Win32/PSW.VB.NCI trojan
C:\Users\Laptop\Downloads\scac7402.exe Win32/Adware.RK.AB application
C:\Windows\System32\spool\prtprocs\x64\00003928.tmp Win32/Olmarik.WW trojan

The computer has been running flawlessly ever since running MBAM a second time with its updated virus database. Computer rebooted after MBAM and all files work and nothing suspicious showing up under Task Manager. But I guess there are still those that ESET found that are lingering.

#20
Help Help

And here is the OTS scan:

OTS logfile created on: 4/22/2010 2:09:49 AM - Run 2
OTS by OldTimer - Version 3.1.28.3	 Folder = C:\Users\Laptop\MALWARE FIXES
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 222.94 Gb Free Space | 77.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Laptop-PC
Current User Name: Laptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Laptop\MALWARE FIXES\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/01 13:11:10 | 000,908,248 | ---- | M] (Mozilla Corporation)
aim	  .exe -> C:\Program Files (x86)\AIM\aim	  .exe -> [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.)
vlc.exe -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -> [2009/10/30 07:28:54 | 000,135,592 | ---- | M] ()
officesas.exe -> C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe -> [2009/09/26 05:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation)
officesasscheduler.exe -> C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe -> [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation)
dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)
mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.)
mwldaemon.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)
updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)
schedulersvc.exe -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Modules - Safe List]
ots.exe -> C:\Users\Laptop\MALWARE FIXES\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/04/14 03:00:50 | 001,255,736 | ---- | M] (Microsoft Corporation)
64bit-(osppsvc)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -> [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation)
64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD)
64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)
64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)
64bit-(Themes)  [Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider)  [On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener)  [On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)
64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)
64bit-(bthserv)  [On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)
64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)
64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)
64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/01/10 22:44:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -> [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation)
(DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)
(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 16:30:11 | 000,061,056 | ---- | M] ()
(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
(NTIBackupSvc) NTI Backup Now 5 Backup Service [On_Demand | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Driver Services - Safe List]
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)
64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)
64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)
64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)
64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)
64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation)
64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)
64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)
64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)
64bit-(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vwififlt.sys -> [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation)
64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbvideo.sys -> [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation)
64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\USBAUDIO.sys -> [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation)
64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)
64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)
64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)
64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)
64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)
64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)
64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek											)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)
64bit-(adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\adfs.sys -> [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.)
64bit-(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftdibus.sys -> [2007/06/27 09:05:10 | 000,063,808 | ---- | M] (FTDI Ltd.)
64bit-(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftser2k.sys -> [2007/06/27 09:03:54 | 000,083,776 | ---- | M] (FTDI Ltd.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 17:28:14 | 000,001,088 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 17:15:18 | 000,003,066 | ---- | M] ()
(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys -> [2009/06/02 07:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.)
(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys -> [2009/06/02 07:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.)
(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys -> [2009/06/02 07:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.)
(DKbFltr) Dritek Keyboard Filter Driver (64-bit) [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\drivers\DKbFltr.sys -> [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\prefs.js -> 
browser.search.defaultenginename -> "Search" ->
browser.search.defaulturl -> "http://www3.iamwired.net/websearch.php?src=tops&search=" ->
browser.startup.homepage -> "http://us.mc551.mail.yahoo.com/mc/welcome?.gx=1&.tm=1262230232&.rand=5tgkqcl6adcf0" ->
extensions.enabledItems -> {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0 ->
keyword.URL -> "http://www3.iamwired.net/websearch.php?src=tops&search=" ->
< FireFox Settings [User.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Eudora 8.0b9\extensions ->  -> 
HKLM\software\mozilla\Eudora 8.0b9\extensions\\Components -> C:\Program Files (x86)\Eudora 8.0 Beta 9\components [C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\COMPONENTS] -> [2010/03/13 16:38:50 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Eudora 8.0b9\extensions\\Plugins -> C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\PLUGINS -> 
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/01 14:43:29 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/01 13:11:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]
No name found   -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]
  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/12/08 19:48:23 | 000,000,000 | ---D | M]
  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions -> [2010/04/21 12:19:53 | 000,000,000 | ---D | M]
TradeManager-Plugin   -> C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF} -> [2009/12/30 11:13:18 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/21 12:19:53 | 000,000,000 | ---D | M]
< HOSTS File > ([2009/06/10 17:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2009/11/03 21:19:14 | 000,683,392 | ---- | M] (Microsoft Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 18:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/06 00:30:58 | 000,828,960 | ---- | M] (Acer Incorporated)
"mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/06 05:52:00 | 007,940,128 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> [2009/07/06 05:52:54 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Aim" -> C:\Program Files (x86)\AIM\aim	  .exe ["C:\Program Files (x86)\AIM\aim	  .exe" /d locale=en-US] -> [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{628F5436-45B1-426D-81CE-C6C96C13A0AC}\\DhcpNameServer -> 10.1.10.1   (Realtek PCIe GBE Family Controller) -> 
{EB27D864-ECA0-46C5-B729-6E747DDE5247}\\DhcpNameServer -> 192.168.1.1   (Atheros AR5B93 Wireless Network Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
systempropertiesperformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:22:48 | 004,150,160 | ---- | M] (Microsoft Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 21:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{091F0DCC-D1E8-4F63-B422-7B49A8FF5994} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{1082A977-173C-459E-B8C7-437B612CC4CF} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{273A8A6A-B073-450C-A086-4108E8D307A7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{2BA41291-A795-4D33-8614-88863A456ED1} -> lport=5000 | profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | 
{2C3CDCA6-7454-414A-BC6C-5E9D89AF3C94} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{318D42DD-9291-40F8-A6AC-DFF0FA559B33} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{3BFF0F97-C5CD-426B-804D-EFB78541FF2E} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{3CCFB4E6-7AB6-4103-84D3-0E1DA6BCEF59} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{4695775E-C37F-4EEC-89D5-5662F699A375} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{48F6133A-D855-44E8-994F-D077D5305698} -> lport=49165 | profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | 
{51D873DE-0F03-41E8-BFA1-625B697ACB7F} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{583F8413-EF21-493A-AEA9-AF4DEB80F787} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{66555C0D-9DBE-4F1D-AE49-53CAF73EA875} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{75C6F8AD-24E6-4DA9-9948-CFF178FF2146} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{7759348A-1CAC-4635-94E0-3D051774BE05} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{7802BE22-D43A-4BB5-88DB-052708602D0D} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{7F3D8230-80B2-45E7-B669-D76D1698384A} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{80D76CC2-F801-4051-B3D8-6F6DDAD2062C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{8854D437-448C-4887-B068-84251C9FF8B0} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{9A351858-1B2C-4B3B-AC3D-562292CC52FF} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{9EA40CBA-1B60-4CE5-A04C-D7F1F6134CDD} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{AF0E6183-D1A7-429B-BE9D-CAD2367AAB4B} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{B7858861-ADF0-4BDC-8009-B1ED60A361C3} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{C0015557-1356-4D10-88CB-430CF4275F35} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{C2B2D0ED-56E0-4CAD-A96B-C3D14355BE75} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D346727C-8506-4BC0-A54E-3F877BFD30FE} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{D6066914-D530-47E8-AFC5-D3A5BA15C034} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{ECA2C314-6BDA-41D1-8E56-4A3A319FF495} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{064C2CB8-3ABA-4C41-A2F6-EF4100A82E56} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{0AE4E151-7A00-47F7-B28F-11C3379ABF29} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{13F05C89-373E-4721-B98E-D63259D30787} -> profile=private | protocol=6 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe | 
{14435599-C76F-403B-BC08-7FBDCBCCEB25} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{14BB2555-704D-4F9B-8122-2FDCE51B1A31} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{1CE3EA6B-E0EC-4D31-AA57-D7BBB38D515C} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{20ADD131-1481-439C-B6D3-5583E41BA5A0} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{27B287DE-37F9-4320-8D28-27118E254091} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{2867F456-D6D5-4624-B843-8BA50FC910A3} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{30180EDF-D509-4777-9180-DC14E2B0178E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{30F62540-6477-4DDF-935D-9D6151B687B6} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{3CAC5310-848F-4935-8D98-926C2C0D0F0F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{4ED387D2-0091-4077-B613-7BFA5FBA0230} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{52F70010-E62A-48E8-9A7C-296446F9C7CB} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{53474344-6DA8-400A-A657-9FF3B8B5AE3F} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{53FFD7DC-B4FA-47BC-A732-D8ECA2151029} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{54E5E36A-C31B-437B-8170-63504F2663CF} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{5BFB2FE4-8DC1-457E-AC2E-2AB37C0D8724} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{673E69AE-717E-4664-B44A-D9F76DC45BFA} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
{6FD38A2C-3C82-4886-B069-2CA05622873F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{705A66FC-AF59-4FA6-BCDF-B20C5A160FFE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{9EA74C80-B1DA-4E66-BF63-1E9E8D53193B} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{9FF9E113-F0B2-4B4F-B86C-B4725E9E0C53} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{A14419A2-8B41-483C-8D56-736D32EB577A} -> profile=private | protocol=17 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe | 
{AC1C37D2-0728-46DD-B664-DCABEB54C6AF} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{AF8AF79D-3944-47BC-B1CA-89BEFCA68229} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{B2BBE44F-584D-4E68-892C-21B2FAD4BE86} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{B83629B9-90EF-4EBF-9BC6-64766FB78046} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{C1E2C783-60E5-44E1-B978-B5FDBDD9B8E3} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{DB8D9BC3-BEFD-4EA4-AD5A-F8BE0A8B8951} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{E2E387D7-8665-4E2B-A62E-2F30695C2FF7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{E7E4C252-184C-4A62-8044-9DAF2130EE9F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{F2426A15-62F2-49B4-A499-915FA48CF503} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{F447B1C9-277D-4689-A324-484EAB2E7CFD} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{FAEF2E6D-ECED-4406-9F4E-A135CC7E2513} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{FC88EE31-B487-4EFB-8105-B18A3ED857E3} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{FFFDA5EB-9EA2-444B-94F2-AD6A781DFCA0} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=6 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe | 
TCP Query User{5C9E1FCF-77AA-4460-BF38-BC7F354338CA}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
TCP Query User{603CBCDA-BCD8-4AA1-8D7E-D22F6288C29E}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=6 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 
TCP Query User{60ED0C03-4C0D-4DBF-83EB-30B1645BDA0D}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=6 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 
UDP Query User{13B95101-5955-4EE1-8BF9-B1157FC28B7A}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=17 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 
UDP Query User{5950F398-53C6-4030-B81F-1FCFEC03C455}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
UDP Query User{6F662CB6-2E1A-4B50-B216-7F7954C0B090}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=17 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 
UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=17 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 ESET -> C:\Program Files (x86)\ESET -> [2010/04/21 23:19:04 | 000,000,000 | ---D | C]
 _OTS -> C:\_OTS -> [2010/04/21 23:05:52 | 000,000,000 | ---D | C]
 Temporary Downloaded Files -> C:\Users\Laptop\Desktop\Temporary Downloaded Files -> [2010/04/21 20:08:28 | 000,000,000 | ---D | C]
 MALWARE FIXES -> C:\Users\Laptop\MALWARE FIXES -> [2010/04/21 19:39:25 | 000,000,000 | ---D | C]
 SHAREPOD -> C:\Users\Laptop\Desktop\SHAREPOD -> [2010/04/21 19:35:01 | 000,000,000 | ---D | C]
 Eusing Free Registry Cleaner -> C:\Program Files (x86)\Eusing Free Registry Cleaner -> [2010/04/17 12:23:52 | 000,000,000 | ---D | C]
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 09:09:09 | 000,612,352 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 09:09:09 | 000,427,520 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 09:08:16 | 005,509,008 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2010/04/14 09:08:15 | 003,899,280 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2010/04/14 09:08:14 | 003,954,568 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 09:05:42 | 000,220,672 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 09:05:42 | 000,172,032 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 09:05:41 | 000,139,264 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 09:05:41 | 000,132,608 | ---- | C] (Microsoft Corporation)
 Wat -> C:\Windows\SysWow64\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]
 Wat -> C:\Windows\SysNative\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]
 secproc.dll -> C:\Windows\SysNative\secproc.dll -> [2010/04/09 22:16:04 | 000,424,960 | ---- | C] (Microsoft Corporation)
 secproc_isv.dll -> C:\Windows\SysNative\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,422,912 | ---- | C] (Microsoft Corporation)
 secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/04/09 22:16:04 | 000,369,152 | ---- | C] (Microsoft Corporation)
 secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,365,568 | ---- | C] (Microsoft Corporation)
 RMActivate_isv.exe -> C:\Windows\SysNative\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,357,888 | ---- | C] (Microsoft Corporation)
 RMActivate.exe -> C:\Windows\SysNative\RMActivate.exe -> [2010/04/09 22:16:04 | 000,356,352 | ---- | C] (Microsoft Corporation)
 RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,324,608 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp.exe -> C:\Windows\SysNative\RMActivate_ssp.exe -> [2010/04/09 22:16:04 | 000,306,688 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp_isv.exe -> C:\Windows\SysNative\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:04 | 000,305,152 | ---- | C] (Microsoft Corporation)
 RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/04/09 22:16:03 | 000,320,512 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/04/09 22:16:03 | 000,280,064 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:03 | 000,277,504 | ---- | C] (Microsoft Corporation)
 secproc_ssp_isv.dll -> C:\Windows\SysNative\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)
 secproc_ssp.dll -> C:\Windows\SysNative\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)
 secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)
 secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2010/04/09 22:15:35 | 000,243,200 | ---- | C] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2010/04/09 22:15:35 | 000,025,600 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2010/04/09 22:15:35 | 000,014,336 | ---- | C] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2010/04/09 22:15:35 | 000,007,680 | ---- | C] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2010/04/09 22:15:35 | 000,005,120 | ---- | C] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2010/04/09 22:15:35 | 000,002,048 | ---- | C] (Microsoft Corporation)
 CPFilters.dll -> C:\Windows\SysNative\CPFilters.dll -> [2010/04/09 22:15:09 | 000,960,512 | ---- | C] (Microsoft Corporation)
 CPFilters.dll -> C:\Windows\SysWow64\CPFilters.dll -> [2010/04/09 22:15:08 | 000,641,536 | ---- | C] (Microsoft Corporation)
 psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2010/04/09 22:15:08 | 000,613,888 | ---- | C] (Microsoft Corporation)
 msdri.dll -> C:\Windows\SysNative\msdri.dll -> [2010/04/09 22:15:08 | 000,552,960 | ---- | C] (Microsoft Corporation)
 MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2010/04/09 22:15:08 | 000,288,256 | ---- | C] (Microsoft Corporation)
 MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2010/04/09 22:15:08 | 000,204,288 | ---- | C] (Microsoft Corporation)
 psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2010/04/09 22:15:07 | 000,465,408 | ---- | C] (Microsoft Corporation)
 Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2010/04/09 21:53:51 | 000,000,000 | ---D | C]
 DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2010/04/09 21:53:48 | 000,000,000 | ---D | C]
 PCHEALTH -> C:\Windows\PCHEALTH -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]
 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]
 Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]
 Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2010/04/09 21:50:15 | 000,000,000 | ---D | C]
 Microsoft Office -> C:\Program Files\Microsoft Office -> [2010/04/09 21:49:41 | 000,000,000 | ---D | C]
 Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2010/04/09 21:49:12 | 000,000,000 | ---D | C]
 Microsoft Help -> C:\Users\Laptop\AppData\Local\Microsoft Help -> [2010/04/09 21:48:48 | 000,000,000 | ---D | C]
 MSOCache -> C:\MSOCache -> [2010/04/09 21:48:32 | 000,000,000 | RH-D | C]
 Download Manager -> C:\Users\Laptop\AppData\Roaming\Download Manager -> [2010/04/09 21:34:47 | 000,000,000 | ---D | C]
 {50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> C:\ProgramData\{50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> [2010/03/31 15:45:12 | 000,000,000 | -H-D | C]
 wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2010/03/31 10:17:17 | 001,192,960 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2010/03/31 10:17:17 | 001,026,048 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2010/03/31 10:17:17 | 000,606,208 | ---- | C] (Microsoft Corporation)
 wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2010/03/31 10:17:16 | 000,977,920 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,445,952 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,381,440 | ---- | C] (Microsoft Corporation)
 msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,082,944 | ---- | C] (Microsoft Corporation)
 msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,064,512 | ---- | C] (Microsoft Corporation)
 Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2010/03/28 13:34:24 | 000,000,000 | ---D | C]
 Zebra Technologies -> C:\Program Files (x86)\Zebra Technologies -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]
 Font Downloader -> C:\ProgramData\Font Downloader -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]
 Audacity -> C:\Program Files (x86)\Audacity -> [2010/03/27 14:05:50 | 000,000,000 | ---D | C]
 ZUD55725 -> C:\ZUD55725 -> [2010/03/27 00:05:17 | 000,000,000 | ---D | C]
 MSFLXGRD.ocx -> C:\Windows\SysWow64\MSFLXGRD.ocx -> [2010/03/26 13:27:18 | 000,244,416 | ---- | C] (Microsoft Corporation)
 OneWayX.ocx -> C:\Windows\SysWow64\OneWayX.ocx -> [2010/03/26 13:27:18 | 000,223,744 | ---- | C] (Atma Software)
 MSCOMM32.ocx -> C:\Windows\SysWow64\MSCOMM32.ocx -> [2010/03/26 13:27:18 | 000,103,744 | ---- | C] (Microsoft Corporation)
 MSCAL.OCX -> C:\Windows\SysWow64\MSCAL.OCX -> [2010/03/26 13:27:18 | 000,089,600 | ---- | C] (Microsoft Corporation)
 Citrusware -> C:\Program Files (x86)\Citrusware -> [2010/03/26 13:27:18 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 NTUSER.DAT -> C:\Users\Laptop\NTUSER.DAT -> [2010/04/22 02:10:33 | 002,097,152 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/22 01:26:01 | 000,000,896 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/21 23:15:41 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/21 23:15:41 | 000,009,920 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/04/21 23:13:04 | 000,713,888 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/04/21 23:13:04 | 000,615,360 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/04/21 23:13:04 | 000,103,702 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/21 23:08:40 | 000,000,892 | ---- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/21 23:08:35 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/21 23:08:32 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/21 23:08:28 | 3016,790,016 | -HS- | M] ()
 IconCache.db -> C:\Users\Laptop\AppData\Local\IconCache.db -> [2010/04/21 23:07:45 | 001,725,446 | -H-- | M] ()
 14 Lil Shawty.mp3 -> C:\Users\Laptop\Desktop\14 Lil Shawty.mp3 -> [2010/04/21 22:44:27 | 005,266,267 | ---- | M] ()
 02-My Rims Dancin.mp3 -> C:\Users\Laptop\Desktop\02-My Rims Dancin.mp3 -> [2010/04/21 22:44:26 | 002,645,281 | ---- | M] ()
 Folder.jpg -> C:\Users\Laptop\Desktop\Folder.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | M] ()
 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | M] ()
 AlbumArtSmall.jpg -> C:\Users\Laptop\Desktop\AlbumArtSmall.jpg -> [2010/04/21 22:44:21 | 000,001,918 | -HS- | M] ()
 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> [2010/04/21 22:44:21 | 000,001,918 | -HS- | M] ()
 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> [2010/04/21 22:44:04 | 000,015,123 | -HS- | M] ()
 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> [2010/04/21 22:44:03 | 000,003,373 | -HS- | M] ()
 04- Young Dro-Fire.mp3 -> C:\Users\Laptop\Desktop\04- Young Dro-Fire.mp3 -> [2010/04/21 22:19:52 | 003,624,959 | ---- | M] ()
 01 Chicken Talk.mp3 -> C:\Users\Laptop\Desktop\01 Chicken Talk.mp3 -> [2010/04/21 22:16:37 | 005,946,846 | ---- | M] ()
 dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> C:\Users\Laptop\Desktop\dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> [2010/04/21 22:13:28 | 007,585,966 | ---- | M] ()
 17) Lets Do It.mp3 -> C:\Users\Laptop\Desktop\17) Lets Do It.mp3 -> [2010/04/21 22:11:34 | 005,205,122 | ---- | M] ()
 14 Juney Boomdata-You Get It.mp3 -> C:\Users\Laptop\Desktop\14 Juney Boomdata-You Get It.mp3 -> [2010/04/21 22:07:21 | 004,256,114 | ---- | M] ()
 +Lost+1x24+Exodus+-+Part+2.divx -> C:\Users\Laptop\Desktop\+Lost+1x24+Exodus+-+Part+2.divx -> [2010/04/21 21:01:54 | 732,745,606 | ---- | M] ()
 TRINIDAD LIST.doc -> C:\Users\Laptop\TRINIDAD LIST.doc -> [2010/04/20 17:42:40 | 000,025,600 | ---- | M] ()
 SHE GOT IT REMIX SLOWED.wav -> C:\Users\Laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:34 | 085,503,488 | ---- | M] ()
 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\Laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:24:39 | 007,137,376 | ---- | M] ()
 +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx -> [2010/04/19 21:20:24 | 368,290,708 | ---- | M] ()
 The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx -> [2010/04/19 21:07:25 | 733,368,464 | ---- | M] ()
 +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx -> [2010/04/18 21:08:31 | 366,422,016 | ---- | M] ()
 IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75 -> [2010/04/18 15:58:23 | 000,012,724 | -HS- | M] ()
 Getcha Life Right SLOWED.wav -> C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:50 | 055,518,680 | ---- | M] ()
 LIL MAMA SLOWED.wav -> C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:15 | 051,262,628 | ---- | M] ()
 +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx -> [2010/04/18 00:31:12 | 366,548,992 | ---- | M] ()
 +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx -> [2010/04/17 23:10:44 | 366,471,168 | ---- | M] ()
 +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx -> [2010/04/17 18:08:23 | 366,641,152 | ---- | M] ()
 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037 -> [2010/04/17 15:26:48 | 000,012,672 | -HS- | M] ()
 +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx -> [2010/04/17 15:16:36 | 367,386,624 | ---- | M] ()
 +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx -> [2010/04/17 12:29:46 | 368,283,648 | ---- | M] ()
 +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx -> [2010/04/17 05:03:52 | 367,482,880 | ---- | M] ()
 +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx -> [2010/04/17 02:06:53 | 367,513,600 | ---- | M] ()
 Blood Raw - It feels Good (Mikey edit).mp3 -> C:\Users\Laptop\Desktop\Blood Raw - It feels Good (Mikey edit).mp3 -> [2010/04/16 12:01:07 | 007,790,049 | ---- | M] ()
 T Payne - Trunk Band (Mikey edit).mp3 -> C:\Users\Laptop\Desktop\T Payne - Trunk Band (Mikey edit).mp3 -> [2010/04/15 17:33:54 | 005,871,631 | ---- | M] ()
 +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx -> [2010/04/15 15:01:53 | 365,633,536 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/12 10:11:06 | 003,290,488 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/10 15:55:43 | 000,116,960 | ---- | M] ()
 NV2009-1  packing list.xls -> C:\Users\Laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:43:01 | 000,022,016 | ---- | M] ()
 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\Laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:42:30 | 000,030,720 | ---- | M] ()
 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | M] ()
 win.ini -> C:\Windows\win.ini -> [2010/04/09 21:49:31 | 000,000,510 | ---- | M] ()
 wklnhst.dat -> C:\Users\Laptop\AppData\Roaming\wklnhst.dat -> [2010/04/09 19:42:59 | 000,001,626 | ---- | M] ()
 Documents - Shortcut.lnk -> C:\Users\Laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | M] ()
 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/04/07 14:38:25 | 000,000,193 | ---- | M] ()
 7501.pdf -> C:\Users\Laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | M] ()
 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\Laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:36:00 | 021,381,974 | ---- | M] ()
 TRINIDAD LIST.rtf -> C:\Users\Laptop\TRINIDAD LIST.rtf -> [2010/03/31 21:50:34 | 000,001,501 | ---- | M] ()
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation)
 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> [2010/03/29 20:19:00 | 756,072,778 | ---- | M] ()
 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> [2010/03/29 15:44:17 | 703,565,644 | ---- | M] ()
 IPH.PH -> C:\IPH.PH -> [2010/03/28 13:34:31 | 000,000,700 | -H-- | M] ()
 AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2010/03/28 13:34:29 | 000,001,875 | ---- | M] ()
 Audacity.lnk -> C:\Users\Laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | M] ()
 National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx -> [2010/03/25 01:08:24 | 366,267,282 | ---- | M] ()
 .recently-used.xbel -> C:\Users\Laptop\.recently-used.xbel -> [2010/03/23 02:25:19 | 000,006,362 | ---- | M] ()
 
[Files - No Company Name]
 Blood Raw - It feels Good (Mikey edit).mp3 -> C:\Users\Laptop\Desktop\Blood Raw - It feels Good (Mikey edit).mp3 -> [2010/04/21 22:57:45 | 007,790,049 | ---- | C] ()
 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | C] ()
 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> [2010/04/21 22:44:22 | 000,001,918 | -HS- | C] ()
 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> [2010/04/21 22:44:04 | 000,015,123 | -HS- | C] ()
 Folder.jpg -> C:\Users\Laptop\Desktop\Folder.jpg -> [2010/04/21 22:44:04 | 000,006,947 | -HS- | C] ()
 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> C:\Users\Laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> [2010/04/21 22:44:04 | 000,003,373 | -HS- | C] ()
 AlbumArtSmall.jpg -> C:\Users\Laptop\Desktop\AlbumArtSmall.jpg -> [2010/04/21 22:44:04 | 000,001,918 | -HS- | C] ()
 T Payne - Trunk Band (Mikey edit).mp3 -> C:\Users\Laptop\Desktop\T Payne - Trunk Band (Mikey edit).mp3 -> [2010/04/21 22:31:27 | 005,871,631 | ---- | C] ()
 +Lost+1x24+Exodus+-+Part+2.divx -> C:\Users\Laptop\Desktop\+Lost+1x24+Exodus+-+Part+2.divx -> [2010/04/21 22:22:39 | 732,745,606 | ---- | C] ()
 04- Young Dro-Fire.mp3 -> C:\Users\Laptop\Desktop\04- Young Dro-Fire.mp3 -> [2010/04/21 22:19:51 | 003,624,959 | ---- | C] ()
 01 Chicken Talk.mp3 -> C:\Users\Laptop\Desktop\01 Chicken Talk.mp3 -> [2010/04/21 22:16:33 | 005,946,846 | ---- | C] ()
 dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> C:\Users\Laptop\Desktop\dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> [2010/04/21 22:13:23 | 007,585,966 | ---- | C] ()
 17) Lets Do It.mp3 -> C:\Users\Laptop\Desktop\17) Lets Do It.mp3 -> [2010/04/21 22:11:34 | 005,205,122 | ---- | C] ()
 14 Lil Shawty.mp3 -> C:\Users\Laptop\Desktop\14 Lil Shawty.mp3 -> [2010/04/21 22:09:10 | 005,266,267 | ---- | C] ()
 14 Juney Boomdata-You Get It.mp3 -> C:\Users\Laptop\Desktop\14 Juney Boomdata-You Get It.mp3 -> [2010/04/21 22:07:17 | 004,256,114 | ---- | C] ()
 02-My Rims Dancin.mp3 -> C:\Users\Laptop\Desktop\02-My Rims Dancin.mp3 -> [2010/04/21 22:04:43 | 002,645,281 | ---- | C] ()
 SHE GOT IT REMIX SLOWED.wav -> C:\Users\Laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:25 | 085,503,488 | ---- | C] ()
 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\Laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:25:18 | 007,137,376 | ---- | C] ()
 +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx -> [2010/04/19 21:34:15 | 368,290,708 | ---- | C] ()
 The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx -> [2010/04/19 21:13:30 | 733,368,464 | ---- | C] ()
 +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx -> [2010/04/18 21:09:04 | 366,422,016 | ---- | C] ()
 IconCache.db -> C:\Users\Laptop\AppData\Local\IconCache.db -> [2010/04/18 15:57:15 | 001,725,446 | -H-- | C] ()
 Getcha Life Right SLOWED.wav -> C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:44 | 055,518,680 | ---- | C] ()
 LIL MAMA SLOWED.wav -> C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:09 | 051,262,628 | ---- | C] ()
 +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx -> [2010/04/18 00:43:06 | 366,548,992 | ---- | C] ()
 +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx -> [2010/04/17 23:19:10 | 366,471,168 | ---- | C] ()
 +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx -> [2010/04/17 18:37:41 | 366,641,152 | ---- | C] ()
 +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx -> [2010/04/17 15:23:23 | 367,386,624 | ---- | C] ()
 +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx -> [2010/04/17 12:30:08 | 368,283,648 | ---- | C] ()
 +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx -> [2010/04/17 05:03:59 | 367,482,880 | ---- | C] ()
 +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx -> [2010/04/17 02:53:13 | 367,513,600 | ---- | C] ()
 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037 -> [2010/04/16 15:31:56 | 000,012,672 | -HS- | C] ()
 IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75 -> [2010/04/16 14:13:03 | 000,012,724 | -HS- | C] ()
 +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx -> [2010/04/15 15:06:05 | 365,633,536 | ---- | C] ()
 NV2009-1  packing list.xls -> C:\Users\Laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:39:51 | 000,022,016 | ---- | C] ()
 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\Laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:39:43 | 000,030,720 | ---- | C] ()
 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | C] ()
 TRINIDAD LIST.doc -> C:\Users\Laptop\TRINIDAD LIST.doc -> [2010/04/09 19:42:05 | 000,025,600 | ---- | C] ()
 Documents - Shortcut.lnk -> C:\Users\Laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | C] ()
 7501.pdf -> C:\Users\Laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | C] ()
 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\Laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:35:57 | 021,381,974 | ---- | C] ()
 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> [2010/03/29 21:03:55 | 756,072,778 | ---- | C] ()
 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> [2010/03/29 15:47:59 | 703,565,644 | ---- | C] ()
 Audacity.lnk -> C:\Users\Laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | C] ()
 06-b-legit-stickem.mp3 -> C:\Users\Laptop\Desktop\06-b-legit-stickem.mp3 -> [2010/03/27 11:40:26 | 004,275,628 | ---- | C] ()
 National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx -> [2010/03/25 01:08:42 | 366,267,282 | ---- | C] ()
 .recently-used.xbel -> C:\Users\Laptop\.recently-used.xbel -> [2010/03/23 02:25:19 | 000,006,362 | ---- | C] ()
 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/01/07 17:43:33 | 000,000,193 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()
 qt-dx331.dll -> C:\Windows\SysWow64\qt-dx331.dll -> [2005/10/14 06:56:50 | 003,596,288 | ---- | C] ()
 VorbisEnc.dll -> C:\Windows\SysWow64\VorbisEnc.dll -> [2005/10/14 06:56:50 | 000,921,600 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2005/10/14 06:56:50 | 000,761,856 | ---- | C] ()
 xvid.dll -> C:\Windows\SysWow64\xvid.dll -> [2005/10/14 06:56:50 | 000,344,064 | ---- | C] ()
 OggDS.dll -> C:\Windows\SysWow64\OggDS.dll -> [2005/10/14 06:56:50 | 000,237,568 | ---- | C] ()
 vorbis.dll -> C:\Windows\SysWow64\vorbis.dll -> [2005/10/14 06:56:50 | 000,188,416 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2005/10/14 06:56:50 | 000,155,136 | ---- | C] ()
 ogg.dll -> C:\Windows\SysWow64\ogg.dll -> [2005/10/14 06:56:50 | 000,045,056 | ---- | C] ()
 
[Files/Folders - Unicode - All]
C:\Users\Laptop\Desktop\?? 1.pdf -> C:\Users\Laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:51 | 000,823,922 | ---- | C] ()
C:\Users\Laptop\Desktop\?? 1.pdf -> C:\Users\Laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:54 | 000,823,922 | ---- | M] ()
< End of report >


#21
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: C:\Program Files (x86)\AIM\aim .exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply

#22
Help Help

    Member

  • Topic Starter
  • Member
  • 33 posts
http://www.virustota...b79a-1271895280

#23
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your AIM installation is corrupted with infected files. Your best bet is to uninstall AIM via Add/Remove Programs and then reinstall it after we get you all cleaned up.



NEXT:



Peer to Peer Program
While reviewing your logs I noticed that you currently have Peer to Peer program(s) installed on your computer.

You currently have the following P2P programs installed:
  • uTorrent
  • LimeWire
Most of the infections that we see today are through P2P file sharing. By uninstalling the programs that I mentioned above you will be doing yourself a favor. It's impossible to trust the source of what is being downloaded from them and a file may or may not be what it appears to be.

Should you decide to keep these programs installed on your computer PLEASE do not use these programs while we are getting your P.C. cleaned up.

How to Uninstall the P2P Programs:

Remove Program

  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate LimeWire and click on the Uninstall button to uninstall it.
  • Repeat for uTorrent.
  • Close Control Panel when done.

PLEASE NOTE: When you're uninstalling the P2P Program(s), some questions are worded in various ways to try to deceive you and keep you from uninstalling their Program.



NEXT:



Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> aim	  .exe -> C:\Program Files (x86)\AIM\aim	  .exe
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\prefs.js
YN -> browser.search.defaulturl -> "http://www3.iamwired.net/websearch.php?src=tops&search="
YN -> browser.startup.homepage -> "http://us.mc551.mail.yahoo.com/mc/welcome?.gx=1&.tm=1262230232&.rand=5tgkqcl6adcf0"
YN -> keyword.URL -> "http://www3.iamwired.net/websearch.php?src=tops&search="
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Aim" -> C:\Program Files (x86)\AIM\aim	  .exe ["C:\Program Files (x86)\AIM\aim	  .exe" /d locale=en-US]
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
YN -> /pagefile -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {13F05C89-373E-4721-B98E-D63259D30787} -> profile=private | protocol=6 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe |
YN -> {53FFD7DC-B4FA-47BC-A732-D8ECA2151029} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
YN -> {A14419A2-8B41-483C-8D56-736D32EB577A} -> profile=private | protocol=17 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe |
YN -> {F2426A15-62F2-49B4-A499-915FA48CF503} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
YN -> TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=6 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
YN -> UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=17 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Files/Folders - Modified Within 30 Days]
NY -> +Lost+1x24+Exodus+-+Part+2.divx -> C:\Users\Laptop\Desktop\+Lost+1x24+Exodus+-+Part+2.divx
NY -> +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx
NY -> The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx
NY -> +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx
NY -> IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75
NY -> +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx
NY -> +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx
NY -> +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx
NY -> 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037
NY -> +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx
NY -> +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx
NY -> +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx
NY -> +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx
NY -> +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx
NY -> The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx
NY -> AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk
NY -> National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx
[Custom Items]
:files
C:\Program Files (x86)\AIM\
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK BOT.exe
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR(2).exe
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR.exe
C:\Users\Laptop\Downloads\DaRK BOT.exe
C:\Users\Laptop\Downloads\DaRK DDoSeR(2).exe
C:\Users\Laptop\Downloads\DaRK DDoSeR.exe
C:\Users\Laptop\Downloads\scac7402.exe
C:\Windows\System32\spool\prtprocs\x64\00003928.tmp
:end
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c dir /a /s "C:\ProgramData\{50D3FBE1-AD16-4F59-9326-86404D6B1B1F}">"%userprofile%\desktop\look.txt"
A file called look.txt should appear on your Desktop. Please post the contents of this file.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS Fix.
3. The log that was produced after an updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the run command.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
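
The firewall-rule entries in the OTS fix script above can also be triaged programmatically. This is an added example, not part of the original post or of OTS: it parses those six rule lines and flags rules whose program borrows a Windows system binary name outside System32 or runs from a temp folder. The name list, the temp-folder markers and a Windows install on C: are assumptions of the example.

```python
import ntpath

# The six firewall-rule lines copied from the OTS fix script in the post above.
OTS_RULES = r"""
YN -> {13F05C89-373E-4721-B98E-D63259D30787} -> profile=private | protocol=6 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe |
YN -> {53FFD7DC-B4FA-47BC-A732-D8ECA2151029} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
YN -> {A14419A2-8B41-483C-8D56-736D32EB577A} -> profile=private | protocol=17 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe |
YN -> {F2426A15-62F2-49B4-A499-915FA48CF503} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
YN -> TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=6 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
YN -> UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=17 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe |
"""

# Assumption: Windows is installed on C:, so these are the only folders
# where the system binaries listed below legitimately live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: a short, non-exhaustive list of names that malware likes to borrow.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}

# Assumption: folders from which a program with its own firewall rule is unusual.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rule(line):
    """Split one OTS rule line into a dict of its key=value fields.

    Returns None for lines that are not firewall rules (headers, blanks).
    """
    parts = line.strip().split(" -> ", 2)
    if len(parts) != 3:
        return None
    _marker, rule_id, body = parts
    fields = {}
    for item in body.split("|"):
        key, sep, value = item.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "app" not in fields:
        return None
    fields["id"] = rule_id
    return fields


def triage(rule):
    """Return the list of reasons a parsed rule deserves a closer look."""
    app = rule["app"].lower()
    reasons = []
    # A system binary name in the wrong folder is a classic masquerade.
    if ntpath.basename(app) in SYSTEM_NAMES and ntpath.dirname(app) not in SYSTEM_DIRS:
        reasons.append("system binary name outside System32")
    # Programs that run out of a temp folder rarely need a firewall rule.
    if any(marker in app for marker in TEMP_MARKERS):
        reasons.append("program runs from a temp folder")
    return reasons


def flag_rules(text):
    """Parse every rule line in text and return only the flagged rules."""
    flagged = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        reasons = triage(rule)
        if reasons:
            rule["reasons"] = reasons
            flagged.append(rule)
    return flagged


if __name__ == "__main__":
    for rule in flag_rules(OTS_RULES):
        print(f'{rule["action"]:5} {rule["app"]}: {"; ".join(rule["reasons"])}')
```

The two AIM rules pass both checks; the post removes them because the AIM installation itself was found to be infected.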

#24
Help Help

    Member

  • Topic Starter
  • Member
  • 33 posts
OTS FIX LOG:

All Processes Killed
[Processes - Safe List]
No active process named aim .exe was found!
File C:\Program Files (x86)\AIM\aim .exe not found.
[Registry - Safe List]
Prefs.js: "http://www3.iamwired...c=tops&search=" removed from browser.search.defaulturl
Prefs.js: "http://us.mc551.mail...=5tgkqcl6adcf0" removed from browser.startup.homepage
Prefs.js: "http://www3.iamwired...c=tops&search=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Aim not found.
File C:\Program Files (x86)\AIM\aim .exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\/pagefile not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13F05C89-373E-4721-B98E-D63259D30787} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F05C89-373E-4721-B98E-D63259D30787}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53FFD7DC-B4FA-47BC-A732-D8ECA2151029} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53FFD7DC-B4FA-47BC-A732-D8ECA2151029}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A14419A2-8B41-483C-8D56-736D32EB577A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A14419A2-8B41-483C-8D56-736D32EB577A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2426A15-62F2-49B4-A499-915FA48CF503} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2426A15-62F2-49B4-A499-915FA48CF503}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\laptop\appdata\local\temp\qmf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\laptop\appdata\local\temp\qmf.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\laptop\Desktop\+Lost+1x24+Exodus+-+Part+2.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x16+Outlaws.divx moved successfully.
C:\Users\laptop\Desktop\The+Apprentice+9x06+.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x15+Homecoming.divx moved successfully.
C:\Users\laptop\AppData\Local\IGI4W75 moved successfully.
C:\Users\laptop\Desktop\+Lost+1x14+Special.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x10+Raised+by+Another.divx moved successfully.
C:\Users\laptop\AppData\Local\3351340037 moved successfully.
C:\Users\laptop\Desktop\+Lost+1x09+Solitary.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x08+Confidence+Man.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x07+The+Moth.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx moved successfully.
C:\Users\laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx moved successfully.
C:\Users\laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx moved successfully.
C:\Users\laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx moved successfully.
File C:\Users\Public\Desktop\AIM.lnk not found!
C:\Users\laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx moved successfully.
[Custom Items]
========== FILES ==========
Folder C:\Program Files (x86)\AIM\ not found.
C:\Users\laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK BOT.exe moved successfully.
C:\Users\laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR(2).exe moved successfully.
C:\Users\laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR.exe moved successfully.
C:\Users\laptop\Downloads\DaRK BOT.exe moved successfully.
C:\Users\laptop\Downloads\DaRK DDoSeR(2).exe moved successfully.
C:\Users\laptop\Downloads\DaRK DDoSeR.exe moved successfully.
C:\Users\laptop\Downloads\scac7402.exe moved successfully.
C:\Windows\System32\spool\prtprocs\x64\00003928.tmp moved successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: laptop
->Temp folder emptied: 7966001 bytes
->Temporary Internet Files folder emptied: 551744 bytes
->Java cache emptied: 23763 bytes
->FireFox cache emptied: 97337290 bytes
->Flash cache emptied: 5183 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.28.3 fix logfile created on 04222010_172146

Files\Folders moved on Reboot...
C:\Users\laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

MBAM LATEST SCAN:


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4023

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/22/2010 4:10:23 PM
mbam-log-2010-04-22 (16-10-23).txt

Scan type: Quick scan
Objects scanned: 107284
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




LOOK.TXT:

Volume in drive C is Acer
Volume Serial Number is 40DE-FADD

Directory of C:\ProgramData\{50D3FBE1-AD16-4F59-9326-86404D6B1B1F}

03/31/2010 03:45 PM <DIR> .
03/31/2010 03:45 PM <DIR> ..
03/31/2010 03:45 PM 103 instance.dat
01/27/2010 12:01 PM 579,156 mia.lib
03/31/2010 03:45 PM 333 TreeFrog.dat
01/27/2010 12:01 PM 2,682,646 TreeFrog.exe
01/27/2010 12:01 PM 359,424 TreeFrog.msi
03/31/2010 03:45 PM 1,269 TreeFrog.par
01/27/2010 12:01 PM 1,542,109 TreeFrog.res
7 File(s) 5,165,040 bytes

Total Files Listed:
7 File(s) 5,165,040 bytes
2 Dir(s) 238,488,891,392 bytes free

#25
Help Help

    Member

  • Topic Starter
  • Member
  • 33 posts
Computer is running at what seems to be normal, like I told you about after the first update MBAM scan.
But now, when clicking a file to run as administrator, it says the whole, "file does not have a program associated with it to perform its action"
So now it's the other way around, all exes work when opened regularly, but when run as admin, they do that prompt. Weird.

Thanks for the help so far man, you're the man :)

Btw, how could I have first been infected? I was just browsing msn money last week when all this went down, and then the next thing I know I have pop ups of ave.exe fake security tool stuff and my computer just crashes.

#26
SweetTech
  • Retired Staff
I'd like for you to try this tool below to see if it solves the issues you are experiencing with running a program as an administrator via right click 'Run as Administrator'.

Run exeHelper
  • Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
  • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


In response to your question about how you got infected: in my experience, 9 times out of 10 users get infected by using peer-to-peer programs and downloading files through those programs.


Please post the log that was produced after running the exeHelper scan, and the log that was produced after running OTS.

#27
Help Help
  • Topic Starter
exeHelper by Raktor
Build 20100414
Run at 18:55:12 on 04/22/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

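The exeHelper log above resets the `.exe` file-type association, which is what the failing 'Run as Administrator' verb depends on. As an added example (not part of any post in this thread, and not exeHelper's own code), the sketch below audits a `.reg` export of those keys. The expected values are the editor's assumption for a clean Windows 7 install, and the sample export, the placeholder path and the function names are constructed for illustration.

```python
import re

# Values a clean Windows 7 install carries for the .exe handler (editor's
# assumption, not taken from the thread). "@" is a key's default value.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "@"): '"%1" %*',
}

# Constructed sample export: "open" is intact, "runas" still points at a
# placeholder binary that no longer exists.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"C:\\placeholder\\removed.exe\" \"%1\" %*"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Map (key, value name) -> data for the REG_SZ lines of a .reg export."""
    values, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry key names ignore case
        elif key and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name)] = unescape(m.group(2))
    return values

def audit(text):
    """List (key, problem, actual data) for every handler value that is off."""
    found, findings = parse_reg(text), []
    for (key, name), good in EXPECTED.items():
        actual = found.get((key.lower(), name))
        if actual != good:
            findings.append((key, "missing" if actual is None else "unexpected", actual))
    return findings
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit`. Only string (REG_SZ) lines are parsed; a value stored as another type is reported as missing and needs a manual look.
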
#28
Help Help
  • Topic Starter
I already posted the OTS log in post 25.

#29
SweetTech
  • Retired Staff
I'm sorry. I should have been a little clearer. I wanted you to run a fresh OTS scan.

Re-Running OTS
  • On your Desktop double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Please post the log that was produced after running the OTS scan, as well as any issues you are still experiencing with your computer.

#30
Help Help
  • Topic Starter
Ok I'll rerun it right now.
BTW the exehelper worked, no more file opening problems.