Computer Running Slow + svchost going crazy

  1. #1
    lancelot854 is offline Junior Member

    Hello, since a couple of days ago my svchosts have been using up a lot of CPU, and my computer has been going slowly. I've uploaded all of the required files except for gmer.log because it kept getting stuck at a certain file. Hopefully you guys can help, many thanks.

    EDIT: My bad, pasted logs below, could have sworn the sticky said to upload the logs.
    Last edited by lancelot854; 22-12-2010 at 11:45 PM.

  2. #2
    broni is offline Senior Member
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ====================================================================

    All logs have to be pasted.

  3. #3
    lancelot854 is offline Junior Member
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 5378

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/22/2010 4:33:48 PM
    mbam-log-2010-12-22 (16-33-48).txt

    Scan type: Quick scan
    Objects scanned: 148615
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    DDS (Ver_10-12-12.01) - NTFS_AMD64
    Run by Admin at 16:30:25.16 on Wed 12/22/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1999 [GMT -5:00]

    AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AVG Anti-Virus *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\PROGRA~2\AVG\AVG8\avgam.exe
    C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files (x86)\Wing FTP Server\WFTPServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program files\P4G\BatteryLife.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\SysWOW64\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Admin\Desktop\dds.pif
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\Google Update.exe" /c
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [WingFTPTray] C:\Program Files (x86)\Wing FTP Server\WFTPTray.exe tray
    mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
    mRun: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    uExplorerRun: [Policies] C:\Windows\system32\install\EXPL0RER.exe
    mExplorerRun: [Policies] C:\Windows\system32\install\EXPL0RER.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIFE82~1\WEB2~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll
    LSA: Notification Packages = scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
    mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [DLBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll,RunDLLEntry
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\
    FF - component: C:\Program Files (x86)\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Admin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG8\Firefox
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Extension: Illimitux: illimitux@illimitux.net - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\illimitux@illimitux.net
    FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Extension: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer , true
    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-11-28 14856]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-11-28 427016]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-11-28 33416]
    R1 AvgTdiA;AVG8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-11-28 133640]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-5-25 14904]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2010-11-28 297752]
    R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-5-8 204800]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-13 304464]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-5-19 811608]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
    R2 Wing FTP Server;Wing FTP Server;C:\Program Files (x86)\Wing FTP Server\WFTPServer.exe service --> C:\Program Files (x86)\Wing FTP Server\WFTPServer.exe service [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2009-5-25 59392]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-8-13 24664]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-3 135664]
    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2010-6-3 51712]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-11-23 61792]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-3-11 55808]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2010-3-30 31800]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-27 1255736]

    =============== Created Last 30 ================

    2010-12-22 20:41:53 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6DED20FE-DDD2-43BD-947B-CA3F9A15C48A}\mpengine.dll
    2010-12-22 01:39:00 -------- d-----w- C:\Program Files (x86)\Xeus Technologies
    2010-12-19 16:24:46 57344 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\GWYT.exe
    2010-12-19 16:24:46 191488 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\TURSH Tool.exe
    2010-12-18 02:33:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2010-12-18 02:32:31 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
    2010-12-18 01:24:20 -------- d-----w- C:\Program Files (x86)\Wing FTP Server
    2010-12-17 23:23:49 -------- d-----w- C:\Users\Admin\AppData\Roaming\Cisco
    2010-12-17 23:23:17 -------- d-----w- C:\Program Files (x86)\Cisco
    2010-12-17 23:23:17 -------- d-----w- C:\PROGRA~3\Cisco
    2010-12-17 21:12:53 -------- d-----w- C:\.jagex_cache_32
    2010-12-15 22:59:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-12-15 22:59:00 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-12-13 21:16:42 -------- d-----w- C:\Users\Admin\AppData\Roaming\AVG8
    2010-12-12 19:23:47 -------- d-----w- C:\Program Files (x86)\HyperCam Toolbar
    2010-12-12 19:23:38 -------- d-----w- C:\Program Files (x86)\HyCam2
    2010-12-12 19:17:35 57344 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\QHgwMsOtAqEFVB.exe
    2010-12-12 19:17:35 112128 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\AuthGen.exe
    2010-12-12 05:17:56 -------- d-----w- C:\Program Files (x86)\Stunlock Studios
    2010-12-06 20:25:46 -------- d--h--w- C:\$AVG8.VAULT$
    2010-12-05 02:24:40 -------- d-----w- C:\PROGRA~3\ALM
    2010-12-05 00:34:48 -------- d-----w- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-12-05 0019 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
    2010-11-28 20:49:04 -------- d-----w- C:\Windows\SysWow64\drivers\avg
    2010-11-28 20:46:50 14856 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2010-11-28 20:46:50 12464 ----a-w- C:\Windows\System32\avgrssta.dll
    2010-11-28 20:46:49 133640 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-11-28 20:46:42 427016 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2010-11-28 20:46:37 33416 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2010-11-28 20:46:36 -------- d-----w- C:\Windows\System32\drivers\Avg
    2010-11-28 20:46:29 -------- d-----w- C:\Program Files (x86)\AVG
    2010-11-28 20:46:29 -------- d-----w- C:\PROGRA~3\avg8
    2010-11-27 02:23:25 -------- d-----w- C:\Python26
    2010-11-25 21:40:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-25 21:40:04 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-24 04:32:02 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 04:32:02 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

    ==================== Find3M ====================

    2010-12-22 20:39:21 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2010-11-19 23:06:49 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2010-11-19 22:54:11 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-26 19:42:39 5 ----a-w- C:\Windows\treeskp.sys
    2010-10-26 19:42:39 5 ----a-w- C:\Windows\sbacknt.bin
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 15:41:44 270720 ----a-w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

    ============= FINISH: 16:31:22.70 ===============


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON Corp.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: G60VX
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 168):
    0x0406C000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x0408C000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
    0x045E9000 \SystemRoot\system32\DRIVERS\rimspx64.sys
    0x10D43000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
    0x03FD6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x040A2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x10D9A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x10DA9000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x040AB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x10000000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\itecir.sys
    0x03FF4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x1000F000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    0x10017000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03C5B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x02E82000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x10027000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02FC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03C71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02EA6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0118B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03DF1000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x011A5000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x03FF9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04AB4000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04AF7000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04B09000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04B1B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04B75000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x08648000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x08600000 \SystemRoot\system32\drivers\portcls.sys
    0x04B8A000 \SystemRoot\system32\drivers\drmk.sys
    0x0863D000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04BAC000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x04BBD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x087F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04BD6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x04BE4000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x08838000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x08800000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x08811000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x0881A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x08828000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x01AB0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x04A00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00020000 \SystemRoot\System32\win32k.sys
    0x04A13000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04A1F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00570000 \SystemRoot\System32\TSDDD.dll
    0x00630000 \SystemRoot\System32\cdd.dll
    0x00890000 \SystemRoot\System32\ATMFD.DLL
    0x04A2D000 \SystemRoot\system32\drivers\luafv.sys
    0x04A50000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04A71000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x036B9000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0370C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0371F000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x0372B000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x03737000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0374F000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
    0x03A50000 \SystemRoot\system32\drivers\HTTP.sys
    0x03B18000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x03B36000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03B4E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03B7B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03BC9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03756000 \SystemRoot\system32\drivers\peauth.sys
    0x03BEC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x03A00000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x03A2D000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x03600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x09A6A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09B00000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x09BAF000 \??\C:\Windows\system32\drivers\mbam.sys
    0x774F0000 \Windows\System32\ntdll.dll
    0x47CC0000 \Windows\System32\smss.exe
    0xFF810000 \Windows\System32\apisetschema.dll

    Processes (total 86):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    532 csrss.exe
    592 C:\Windows\System32\wininit.exe
    604 csrss.exe
    656 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\winlogon.exe
    808 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\nvvsvc.exe
    912 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    464 C:\Windows\System32\svchost.exe
    504 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1156 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1200 C:\Windows\System32\svchost.exe
    1292 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1312 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    1344 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1408 C:\Windows\System32\spoolsv.exe
    1456 C:\Windows\System32\svchost.exe
    1520 C:\Windows\System32\nvvsvc.exe
    1612 C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    1644 C:\Windows\System32\svchost.exe
    1704 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1768 C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    1932 C:\PROGRA~2\AVG\AVG8\avgam.exe
    1980 C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    1124 C:\Windows\System32\svchost.exe
    1692 C:\Program Files (x86)\TightVNC\tvnserver.exe
    1776 C:\Program Files (x86)\Wing FTP Server\WFTPServer.exe
    1852 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2088 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2248 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2432 C:\Windows\System32\taskhost.exe
    2548 C:\Windows\System32\dwm.exe
    2612 C:\Windows\System32\taskeng.exe
    2664 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    2740 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2752 C:\Program Files\P4G\BatteryLife.exe
    2760 C:\Windows\explorer.exe
    2808 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    2816 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    3020 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
    1872 C:\Program Files\Wireless Console 2\wcourier.exe
    2388 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2928 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    2824 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    3188 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    3196 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    3216 ACEngSvr.exe
    3600 C:\Windows\System32\SearchIndexer.exe
    3852 C:\Windows\System32\svchost.exe
    4092 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4076 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2160 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    4208 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4252 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4492 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    4524 C:\Windows\ASScrPro.exe
    4536 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    4564 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    4588 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    4692 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    4700 C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    4708 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    4500 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    1544 C:\Windows\System32\wuauclt.exe
    2292 C:\Windows\System32\svchost.exe
    4028 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1788 C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    4504 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    2636 C:\Windows\SysWOW64\java.exe
    4968 C:\Windows\System32\conhost.exe
    1092 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    2336 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3304 C:\Windows\System32\audiodg.exe
    4876 C:\Program Files (x86)\Opera\opera.exe
    2968 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    1356 C:\Windows\System32\SearchProtocolHost.exe
    5028 C:\Windows\System32\SearchFilterHost.exe
    3740 C:\Users\Admin\Desktop\MBRCheck.exe
    1624 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee200000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000028`31100000 (NTFS)

    PhysicalDrive0 Model Number: ST9320421AS, Rev: SD14

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/3/2010 11:16:01 PM
    System Uptime: 12/22/2010 3:38:15 PM (1 hours ago)

    Motherboard: PEGATRON Corp. | | G60VX
    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | Socket 478 | 1600/267mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 34.556 GiB free.
    D: is FIXED (NTFS) - 137 GiB total, 106.49 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva

    ==== System Restore Points ===================

    RP207: 12/18/2010 1:49:18 AM - Windows Update
    RP208: 12/20/2010 543 PM - Installed Opera 11.00.
    RP209: 12/22/2010 12:17:07 AM - Windows Update
    RP210: 12/22/2010 3:33:40 PM - Restore Operation

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Professional CS5
    Adobe Illustrator CS5
    Adobe Media Player
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    Asus_Camera_ScreenSaver
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    AVG 8.5
    Borderlands
    CCleaner
    Cheat Engine 5.6
    Choice Guard
    Cisco AnyConnect VPN Client
    Compatibility Pack for the 2007 Office system
    Counter-Strike 2D 0.1.1.7
    CyberLink LabelPrint
    CyberLink Power2Go
    DC++ 0.750
    Delphi 7 Second Edition
    DJ Java Decompiler v.3.11.11.95
    DVD Decrypter (Remove Only)
    Dynasty Warriors 4 Hyper
    Express Gate
    Fallout 3
    Galapago
    GCalc 3
    Geek Squad 24 Hour Computer Support
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guild Wars
    Heroes of Newerth
    HyperCam 2
    HyperCam Toolbar
    ImTOO Video Converter Ultimate
    ITECIR
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Junk Mail filter update
    League of Legends
    LibUSB-Win32-0.1.10.1
    LightScribe System Software 1.14.17.1
    Linksys EasyLink Advisor
    LoJack Factory Installer
    M3 GAME Manager Uninstall
    Malwarebytes' Anti-Malware
    MapleStory
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Expression Web 2
    Microsoft Expression Web 2 MUI (English)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIRC
    Mozilla Firefox (3.5.9)
    MSVCRT
    myPhotoMovie (remove only)
    NVIDIA PhysX
    Oblivion
    Opera 10.63
    Pando Media Booster
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    PDF Settings CS5
    Picasa 2
    Project64 1.6
    Pure Networks Platform
    PuTTY Connection Manager 0.7.1.136beta
    QuickPar 0.9
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
    Runes of Magic
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Simba 1.0 Beta
    SwiftKit
    System Requirements Lab
    TI Connect 1.6
    TightVNC 1.3.10
    TightVNC 2.0beta4
    TNod User & Password Finder 1.0.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Expression Web 2 (KB957827)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VirtualCloneDrive
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.0.3
    WBFS Manager 3.0
    WebEx Support Manager for Internet Explorer
    Windows 7 Upgrade Advisor
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinFlash
    Wing FTP Server 3.7.2
    Wireless Console 2
    XChat 2 (remove only)
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/22/2010 3:39:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    12/22/2010 3:38:51 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.
    12/22/2010 3:38:32 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/22/2010 3:38:17 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    12/22/2010 3:33:22 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    12/22/2010 3:30:51 PM, Error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/22/2010 3:30:47 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    12/22/2010 3:30:28 PM, Error: Service Control Manager [7034] - The Wing FTP Server service terminated unexpectedly. It has done this 1 time(s).
    12/21/2010 322 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 753 PM, Error: Schannel [36887] - The following fatal alert was received: 50.

    ==== End Of File ===========================

  4. #4
    broni is offline Senior Member
    So far, I don't see much...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    lancelot854 is offline Junior Member
    ComboFix 10-12-22.01 - Admin 12/22/2010 19:31:14.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2736 [GMT -5:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
    c:\users\Admin\AppData\Roaming\EurekaLog
    c:\users\Admin\AppData\Roaming\Install.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 00:38 . 2010-12-23 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-22 20:41 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DED20FE-DDD2-43BD-947B-CA3F9A15C48A}\mpengine.dll
    2010-12-22 01:39 . 2010-12-22 01:39 -------- d-----w- c:\program files (x86)\Xeus Technologies
    2010-12-19 16:24 . 2010-12-19 16:24 57344 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\GWYT.exe
    2010-12-19 16:24 . 2010-12-19 16:24 191488 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\TURSH Tool.exe
    2010-12-18 02:33 . 2010-12-18 02:33 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2010-12-18 02:32 . 2010-12-18 02:32 -------- d-----w- c:\program files (x86)\Microsoft Expression
    2010-12-18 01:24 . 2010-12-18 01:24 -------- d-----w- c:\program files (x86)\Wing FTP Server
    2010-12-17 23:23 . 2010-12-17 23:23 -------- d-----w- c:\users\Admin\AppData\Roaming\Cisco
    2010-12-17 23:23 . 2010-12-17 23:23 -------- d-----w- c:\programdata\Cisco
    2010-12-17 23:23 . 2010-12-17 23:23 -------- d-----w- c:\program files (x86)\Cisco
    2010-12-17 21:12 . 2010-12-22 20:35 -------- d-----w- C:\.jagex_cache_32
    2010-12-16 03:24 . 2010-12-16 03:24 -------- d-----w- c:\users\Public\Roaming
    2010-12-15 22:59 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-15 22:59 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-12 19:23 . 2010-12-23 00:38 -------- d-----w- c:\program files (x86)\HyperCam Toolbar
    2010-12-12 19:23 . 2010-12-12 19:23 -------- d-----w- c:\program files (x86)\HyCam2
    2010-12-12 19:17 . 2010-12-12 19:17 57344 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\QHgwMsOtAqEFVB.exe
    2010-12-12 19:17 . 2010-12-12 19:17 112128 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\AuthGen.exe
    2010-12-12 05:17 . 2010-12-12 05:17 -------- d-----w- c:\program files (x86)\Stunlock Studios
    2010-12-05 02:24 . 2010-12-05 02:24 -------- d-----w- c:\programdata\ALM
    2010-12-05 00:34 . 2010-12-05 00:34 -------- d-----w- c:\users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-12-05 00:21 . 2010-12-05 02:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-12-05 00:17 . 2010-12-05 00:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-12-05 00:17 . 2010-12-05 00:17 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2010-11-28 20:49 . 2010-11-28 20:49 -------- d-----w- c:\windows\SysWow64\drivers\avg
    2010-11-28 20:46 . 2010-12-23 00:25 -------- d-----w- c:\program files (x86)\AVG
    2010-11-28 20:46 . 2010-12-23 00:24 -------- d-----w- c:\programdata\avg8
    2010-11-27 02:23 . 2010-11-27 02:23 -------- d-----w- C:\Python26
    2010-11-25 21:40 . 2010-11-12 23:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-25 21:40 . 2010-11-12 23:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-24 04:32 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-24 04:32 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 00:26 . 2010-01-12 23:05 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-11-19 23:06 . 2010-11-19 23:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-11-19 22:54 . 2010-11-19 22:54 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-19 15:41 . 2010-01-14 20:34 270720 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
    2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-02 135664]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-02-16 2937528]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-19 39408]
    "WingFTPTray"="c:\program files (x86)\Wing FTP Server\WFTPTray.exe" [2010-11-26 1182968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
    "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-05-25 47672]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-05-25 33136]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "LELA"="c:\program files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-06-13 139264]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" [2010-07-23 402432]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-5-25 12862]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-21 868848]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
    R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-05-08 204800]
    R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-04-01 51712]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-01-15 55808]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
    R4 Wing FTP Server;Wing FTP Server;c:\program files (x86)\Wing FTP Server\WFTPServer.exe service [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-05-19 811608]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 59392]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - eamon
    *Deregistered* - ehdrv
    *Deregistered* - epfwwfpr
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 01:20]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 01:20]

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2323334929-2365793108-1243818059-1000Core.job
    - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-02 22:03]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2323334929-2365793108-1243818059-1000UA.job
    - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-02 22:03]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2009-08-14 02:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-24 7573024]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504]
    "DLBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll" [2007-02-12 28672]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @="FlashProp Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-22 19:41:40
    ComboFix-quarantined-files.txt 2010-12-23 00:41

    Pre-Run: 36,149,088,256 bytes free
    Post-Run: 35,670,474,752 bytes free

    - - End Of File - - 26128D9A9CFF48A0EB3C652215E4B708

  6. #6
    broni is offline Senior Member
    Not much, either...

    Download Process Explorer: Process Explorer
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.

    ==================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  7. #7
    lancelot854 is offline Junior Member
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 95.22 0 K 24 K
    Interrupts n/a 0.77 0 K 0 K Hardware Interrupts
    DPCs n/a 0 K 0 K Deferred Procedure Calls
    System 4 120 K 2,732 K
    smss.exe 296 448 K 1,112 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 520 2,176 K 4,316 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 584 1,456 K 4,380 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 640 5,568 K 11,896 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 820 4,336 K 9,556 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    ACEngSvr.exe 2424 2,180 K 6,112 K ACEngSvr Module ASUSTeK "C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
    WmiPrvSE.exe 4696 2,608 K 6,060 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
    nvvsvc.exe 884 1,356 K 3,792 K NVIDIA Driver Helper Service, Version 195.62 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
    nvvsvc.exe 1224 2,996 K 8,032 K NVIDIA Driver Helper Service, Version 195.62 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe -session -first
    svchost.exe 924 4,252 K 8,108 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    svchost.exe 1020 16,880 K 18,496 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 3124 16,700 K 16,764 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x7c0
    svchost.exe 336 119,268 K 126,980 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1684 1.55 23,264 K 21,840 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
    svchost.exe 632 27,756 K 44,992 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe 2036 2,280 K 6,744 K Task Scheduler Engine Microsoft Corporation taskeng.exe {875B02CC-3A20-4D90-8A11-0D0E9067F4EE}
    BatteryLife.exe 2184 3,120 K 564 K Power4Gear Hybrid ATK "C:\Program files\P4G\BatteryLife.exe"
    sensorsrv.exe 2252 1,216 K 548 K SmartLogon Application ASUS "C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
    wuauclt.exe 4740 1,936 K 6,592 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
    svchost.exe 1088 6,472 K 11,764 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    vpnagent.exe 1196 3,616 K 8,436 K VPN Agent Service Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
    svchost.exe 1260 14,520 K 16,340 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    ADSMSrv.exe 1396 1,072 K 3,660 K ADSMSrv ASUSTek Computer Inc. "C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
    AsLdrSrv.exe 1416 1,072 K 3,756 K ASLDR Service "C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
    ACMON.exe 2300 2,932 K 10,036 K ACMON ATK "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
    HControl.exe 2308 6,240 K 7,080 K HControl ASUS "C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
    ATKOSD.exe 1340 852 K 5,620 K ATKOSD ASUS ATKOSD.exe
    KBFiltr.exe 4108 1,036 K 3,872 K KBFiltr ASUS KBFiltr.exe
    WDC.exe 4132 1,324 K 5,132 K WDC ASUS WDC.exe
    MsgTranAgt64.exe 2316 1,364 K 3,780 K MsgTranAgt ASUS "C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe"
    GFNEXSrv.exe 1440 936 K 3,148 K GFNEXSrv "C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
    spoolsv.exe 1516 7,008 K 13,568 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1700 0.77 21,520 K 23,780 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    taskhost.exe 1752 8,016 K 9,392 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    svchost.exe 1848 6,800 K 14,188 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    LSSrvc.exe 1876 1,244 K 4,176 K LightScribe Service Hewlett-Packard Company "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
    svchost.exe 1980 1,768 K 5,260 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    tvnserver.exe 2016 1,840 K 5,204 K TightVNC Server for Windows GlavSoft LLC. "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service
    WLIDSVC.EXE 1692 4,332 K 12,284 K Microsoft® Windows Live ID Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    WLIDSVCM.EXE 3032 1,164 K 3,132 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation WLIDSvcM.exe 1692
    YahooAUService.exe 2092 2,040 K 6,720 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
    nmsrvc.exe 2512 19,028 K 12,012 K Pure Networks Platform Service Pure Networks, Inc. "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"
    SearchIndexer.exe 3692 29,452 K 16,208 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    SearchProtocolHost.exe 3904 3,432 K 8,564 K Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
    SearchFilterHost.exe 4500 2,720 K 6,704 K Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
    svchost.exe 3964 2,336 K 6,060 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    mbamservice.exe 2756 68,444 K 31,848 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
    svchost.exe 4188 68,816 K 30,640 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
    wmpnetwk.exe 5104 10,088 K 11,188 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    lsass.exe 656 4,660 K 11,544 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 664 2,440 K 4,256 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 596 2,444 K 6,376 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 756 2,880 K 7,008 K Windows Logon Application Microsoft Corporation winlogon.exe
    explorer.exe 2044 36,260 K 59,992 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    SynTPEnh.exe 2296 3,308 K 9,848 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    SynTPHelper.exe 3136 1,184 K 3,172 K Synaptics Pointing Device Helper Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
    RAVCpl64.exe 1560 10,280 K 11,540 K HD Audio Control Panel Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
    LightScribeControlPanel.exe 1956 2,800 K 9,628 K Hewlett-Packard Company "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    PMB.exe 2952 16,344 K 17,880 K Pando Media Booster "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
    GoogleToolbarNotifier.exe 1548 2,724 K 2,356 K GoogleToolbarNotifier Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    TSVNCache.exe 2868 6,072 K 10,812 K TortoiseSVN status cache TortoiseSVN "C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
    opera.exe 736 1.55 102,432 K 107,100 K Opera Internet Browser Opera Software "C:\Program Files (x86)\Opera\opera.exe"
    procexp.exe 4996 1,832 K 8,700 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Admin\Desktop\procexp.exe"
    procexp64.exe 4720 0.77 21,896 K 41,332 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Admin\Desktop\procexp.exe"
    ADSMTray.exe 3288 1,204 K 4,996 K ADSMTray ASUSTek Computer Inc. "C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe"
    ASScrPro.exe 3320 1,116 K 4,176 K "C:\Windows\ASScrPro.exe"
    DMedia.exe 3332 1,000 K 3,920 K ATK Media ASUS "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
    ATKOSD2.exe 3360 1,252 K 4,768 K ATKOSD2 ASUS "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
    CLMLSvc.exe 3424 3,808 K 9,896 K CyberLink MediaLibray Service CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    VCDDaemon.exe 3508 1,432 K 5,160 K Virtual CloneDrive Daemon Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    Linksys EasyLink Advisor.exe 3516 53,676 K 46,304 K Linksys Easylink Advisor - Main Linksys LLC - A Division of Cisco Systems "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    nmctxth.exe 3552 8,540 K 14,776 K Pure Networks Platform Assistant Pure Networks, Inc. "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    AdobeARM.exe 4040 3,484 K 10,548 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mbamgui.exe 3260 1,860 K 5,876 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    notepad.exe 1772 1,884 K 6,908 K Notepad Microsoft Corporation notepad.exe "C:\Users\Admin\AppData\Local\Temp\log.txt"


    OTL logfile created on: 12/22/2010 7:53:11 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Admin\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 33.28 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
    Drive D: | 137.32 Gb Total Space | 106.49 Gb Free Space | 77.55% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/22 19:52:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    PRC - [2010/10/08 13:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
    PRC - [2010/05/19 09:12:30 | 000,811,608 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
    PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/02/16 17:39:41 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2009/06/17 06:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/05/25 03:59:54 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
    PRC - [2009/03/04 12:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    PRC - [2009/03/04 11:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    PRC - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    PRC - [2008/12/09 17:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/19 06:10:59 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/08/19 12:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    PRC - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/08/13 1856 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2008/06/13 06:51:57 | 000,139,264 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/04/01 01:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    PRC - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    PRC - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/22 19:52:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    MOD - [2010/08/21 0032 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\libusbd-nt.exe -- (libusbd)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
    SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2010/11/26 11:07:06 | 005,702,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Wing FTP Server\WFTPServer.exe -- (Wing FTP Server)
    SRV - [2010/05/19 09:12:30 | 000,811,608 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
    SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/05/08 11:59:42 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (libusb-Win32) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
    DRV:64bit: - [2010/06/21 03:27:06 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/01/15 16:44:58 | 000,055,808 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2009/12/30 1124 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/12/17 17:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/11 04:26:17 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/02/03 15:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2008/12/08 20:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2008/10/08 22:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2008/08/06 19:26:07 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/06/24 15:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/06/03 17:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2008/05/16 06:10:32 | 000,031,544 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/05/16 06:10:30 | 000,033,080 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
    DRV:64bit: - [2007/12/18 19:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2007/12/06 05:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV:64bit: - [2006/10/28 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV - [2010/03/31 20:51:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Cheat Engine\dbk64.sys -- (CEDRIVER55)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..network.proxy.http: "93.62.4.207"
    FF - prefs.js..network.proxy.http_port: 9010


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/30 17:25:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/17 21:33:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/03/03 22:49:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
    [2010/12/12 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions
    [2010/03/03 22:49:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/03 22:49:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/13 21:41:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/12/12 14:23:48 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2010/03/03 22:49:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/05/04 16:25:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4oj57ghs.default\extensions\illimitux@illimitux.net
    [2010/12/22 16:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/26 00:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/22 16:57:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/02/16 17:39:41 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

    O1 HOSTS File: ([2010/12/04 19:05:53 | 000,001,733 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 Registration
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DLBUCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLBUtime.DLL ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
    O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WingFTPTray] C:\Program Files (x86)\Wing FTP Server\WFTPTray.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

  8. #8
    lancelot854 is offline Junior Member
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/22 19:52:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    [2010/12/22 19:51:22 | 004,177,272 | ---- | C] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\Admin\Desktop\procexp.exe
    [2010/12/22 19:41:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/22 19:28:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/22 19:28:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/22 19:28:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/22 19:28:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/22 19:27:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/22 19:20:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/22 16:57:39 | 001,775,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Admin\Desktop\avg_remover_stf_x64_2011_1165.exe
    [2010/12/22 1603 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/12/21 20:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xeus Technologies
    [2010/12/21 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\iSimples Keylogger + remover
    [2010/12/19 10:55:16 | 000,191,488 | ---- | C] (Team Vitalz) -- C:\Users\Admin\Desktop\TURSH Tool.exe
    [2010/12/17 21:36:03 | 000,000,000 | --SD | C] -- C:\Users\Admin\Documents\My Web Sites
    [2010/12/17 21:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/12/17 21:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
    [2010/12/17 20:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wing FTP Server
    [2010/12/17 18:23:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Cisco
    [2010/12/17 18:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
    [2010/12/17 18:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
    [2010/12/17 16:12:53 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
    [2010/12/15 23:36:26 | 000,662,856 | ---- | C] (rFTuAkwQtFtC) -- C:\Users\Admin\Desktop\RSMemberPins.exe
    [2010/12/14 23:12:27 | 000,057,344 | ---- | C] (wtGfOUfXDSeeaDV) -- C:\Users\Admin\Desktop\RSAuthGeneratorV2.exe
    [2010/12/12 14:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyperCam Toolbar
    [2010/12/12 14:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
    [2010/12/12 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Polymorphic Keylogger
    [2010/12/12 00:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stunlock Studios
    [2010/12/11 20:02:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New folder
    [2010/12/05 1508 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\botclient
    [2010/12/04 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2010/12/04 20:41:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Adobe CS5
    [2010/12/04 19:34:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/04 1919 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/12/04 19:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/12/04 19:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/12/04 19:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
    [2010/12/04 19:02:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\IT TOOF
    [2010/11/30 22:53:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RSBot7
    [2010/11/28 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Junk
    [2010/11/28 15:49:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
    [2010/11/28 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\avg8
    [2010/11/28 15:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2010/11/26 21:23:25 | 000,000,000 | ---D | C] -- C:\Python26
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Admin\Documents\*.tmp files -> C:\Users\Admin\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/22 19:52:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    [2010/12/22 19:51:11 | 001,843,055 | ---- | M] () -- C:\Users\Admin\Desktop\ProcessExplorer.zip
    [2010/12/22 19:36:36 | 000,016,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/22 19:36:36 | 000,016,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/22 19:33:41 | 000,778,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/22 19:33:41 | 000,660,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/22 19:33:41 | 000,120,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/22 19:29:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2323334929-2365793108-1243818059-1000UA.job
    [2010/12/22 19:26:34 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2010/12/22 19:26:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/22 19:26:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/22 19:25:48 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/22 19:20:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/22 19:17:52 | 003,996,586 | R--- | M] () -- C:\Users\Admin\Desktop\ComboFix.exe
    [2010/12/22 17:41:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2323334929-2365793108-1243818059-1000Core.job
    [2010/12/22 17:06:38 | 000,000,117 | ---- | M] () -- C:\Users\Admin\jagex_runescape_preferences2.dat
    [2010/12/22 17:06:38 | 000,000,046 | ---- | M] () -- C:\Users\Admin\jagex_runescape_preferences.dat
    [2010/12/22 16:57:39 | 001,775,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Admin\Desktop\avg_remover_stf_x64_2011_1165.exe
    [2010/12/22 16:30:14 | 000,624,640 | ---- | M] () -- C:\Users\Admin\Desktop\dds.pif
    [2010/12/22 16:29:48 | 000,624,128 | ---- | M] () -- C:\Users\Admin\Desktop\dds.scr
    [2010/12/22 16:28:32 | 000,080,384 | ---- | M] () -- C:\Users\Admin\Desktop\MBRCheck.exe
    [2010/12/22 16:14:01 | 000,296,448 | ---- | M] () -- C:\Users\Admin\Desktop\r2msmxm2.exe
    [2010/12/22 15:43:35 | 000,020,822 | ---- | M] () -- C:\Users\Admin\Documents\cc_20101222_154331.reg
    [2010/12/21 15:13:25 | 000,028,160 | ---- | M] () -- C:\Users\Admin\Desktop\something2.doc
    [2010/12/19 22:29:43 | 006,269,445 | ---- | M] () -- C:\Users\Admin\Desktop\GoTube_v1.2.zip
    [2010/12/19 10:57:32 | 039,131,284 | ---- | M] () -- C:\Users\Admin\Documents\UltimateRSHackTool.avi
    [2010/12/19 10:55:08 | 000,110,254 | ---- | M] () -- C:\Users\Admin\Desktop\TURSH Tool.rar
    [2010/12/18 18:26:41 | 000,413,184 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer2.exe
    [2010/12/18 18:26:30 | 000,000,051 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer.ddp
    [2010/12/18 18:26:24 | 000,002,139 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer.dfm
    [2010/12/17 23:08:56 | 000,005,923 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer.dcu
    [2010/12/17 23:08:54 | 000,001,806 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer.pas
    [2010/12/17 21:22:30 | 000,001,105 | ---- | M] () -- C:\Users\Admin\Documents\NewsNStuff.html
    [2010/12/17 21:10:50 | 000,001,274 | ---- | M] () -- C:\Users\Admin\Documents\forums.html
    [2010/12/17 20:24:26 | 000,001,013 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Wing FTP Server Admin.lnk
    [2010/12/17 20:24:26 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Wing FTP Server Admin.lnk
    [2010/12/17 19:58:38 | 000,361,940 | ---- | M] () -- C:\Users\Admin\Desktop\Logos.zip
    [2010/12/17 19:42:57 | 000,137,865 | ---- | M] () -- C:\Users\Admin\Documents\reallogo3.ai
    [2010/12/17 19:27:49 | 000,158,451 | ---- | M] () -- C:\Users\Admin\Documents\logo2.ai
    [2010/12/17 18:49:56 | 000,133,443 | ---- | M] () -- C:\Users\Admin\Documents\logo1.ai
    [2010/12/16 22:34:56 | 000,000,189 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer2.dpr
    [2010/12/16 22:34:55 | 000,001,966 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer2.dof
    [2010/12/16 22:34:55 | 000,000,434 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer2.cfg
    [2010/12/16 21:31:24 | 000,000,876 | ---- | M] () -- C:\Users\Admin\Documents\DDoSer2.res
    [2010/12/16 15:32:19 | 004,954,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/15 23:36:32 | 000,662,856 | ---- | M] (rFTuAkwQtFtC) -- C:\Users\Admin\Desktop\RSMemberPins.exe
    [2010/12/15 23:32:50 | 000,427,008 | ---- | M] () -- C:\Users\Admin\Desktop\RS Membership Pin Generator.exe
    [2010/12/15 23:31:34 | 007,622,890 | ---- | M] () -- C:\Users\Admin\Desktop\RS Membership Pin Generator.avi
    [2010/12/14 23:14:30 | 021,536,264 | ---- | M] () -- C:\Users\Admin\Desktop\RSBots.net Auth Generator.avi
    [2010/12/14 23:12:32 | 000,057,344 | ---- | M] (wtGfOUfXDSeeaDV) -- C:\Users\Admin\Desktop\RSAuthGeneratorV2.exe
    [2010/12/14 23:10:21 | 000,181,248 | ---- | M] () -- C:\Users\Admin\Desktop\RSBots.net Auth Generator v2.exe
    [2010/12/12 14:25:23 | 011,377,398 | ---- | M] () -- C:\Users\Admin\Documents\clip0001.avi
    [2010/12/12 14:23:28 | 002,576,256 | ---- | M] () -- C:\Users\Admin\Desktop\HC2Setup.exe
    [2010/12/12 14:22:58 | 000,293,144 | ---- | M] () -- C:\Users\Admin\Desktop\SoftonicDownloader_for_hypercam.exe
    [2010/12/12 14:15:23 | 000,072,771 | ---- | M] () -- C:\Users\Admin\Desktop\Auth Generator FJ.rar
    [2010/12/12 14:09:29 | 000,529,985 | ---- | M] () -- C:\Users\Admin\Desktop\Polymorphic Keylogger.rar
    [2010/12/12 00:01:25 | 207,435,408 | ---- | M] () -- C:\Users\Admin\Desktop\Bloodline Champions Beta Installer.exe
    [2010/12/11 20:03:50 | 000,353,282 | ---- | M] () -- C:\Users\Admin\Desktop\IT SHIZ.zip
    [2010/12/10 15:22:45 | 000,011,492 | ---- | M] () -- C:\Users\Admin\Documents\cc_20101210_152235.reg
    [2010/12/09 15:25:21 | 000,024,064 | ---- | M] () -- C:\Users\Admin\Documents\MLAPaper.doc
    [2010/12/05 15:55:58 | 000,023,416 | ---- | M] () -- C:\Users\Admin\Desktop\settings.zip
    [2010/12/05 15:55:39 | 031,814,770 | ---- | M] () -- C:\Users\Admin\Desktop\botclient.zip
    [2010/12/05 15:52:12 | 000,000,147 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\RSBot_Accounts.ini
    [2010/12/04 23:51:59 | 000,032,968 | ---- | M] () -- C:\Users\Admin\Desktop\restroom.jpg
    [2010/12/04 23:26:22 | 000,000,566 | ---- | M] () -- C:\Users\Admin\Documents\Site1.html
    [2010/12/04 23:11:36 | 000,016,349 | ---- | M] () -- C:\Users\Admin\Desktop\Connectything.png
    [2010/12/04 22:07:50 | 000,020,947 | ---- | M] () -- C:\Users\Admin\Desktop\wireframe1.png
    [2010/12/04 19:46:24 | 000,013,484 | ---- | M] () -- C:\Users\Admin\Desktop\Dreamweaver_CS5-_Demonoid.com_-_9926954.5674.torrent
    [2010/12/04 18:41:02 | 000,006,911 | ---- | M] () -- C:\Users\Admin\Desktop\Project+1+-+Part+2.rtf
    [2010/12/04 18:40:57 | 000,001,722 | ---- | M] () -- C:\Users\Admin\Desktop\Project+1+-+Part+1.rtf
    [2010/12/04 18:17:06 | 000,022,528 | ---- | M] () -- C:\Users\Admin\Desktop\Assignment1.doc
    [2010/11/28 23:49:32 | 000,191,488 | ---- | M] (Team Vitalz) -- C:\Users\Admin\Desktop\TURSH Tool.exe
    [2010/11/28 15:39:36 | 000,028,672 | ---- | M] () -- C:\Users\Admin\Documents\PersuasiveEssay1.doc
    [2010/11/24 01:04:53 | 000,112,128 | ---- | M] () -- C:\Users\Admin\Desktop\AuthGen.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Admin\Documents\*.tmp files -> C:\Users\Admin\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/22 19:51:22 | 000,072,268 | ---- | C] () -- C:\Users\Admin\Desktop\procexp.chm
    [2010/12/22 19:51:10 | 001,843,055 | ---- | C] () -- C:\Users\Admin\Desktop\ProcessExplorer.zip
    [2010/12/22 19:28:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/22 19:28:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/22 19:28:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/22 19:28:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/22 19:28:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/22 19:17:49 | 003,996,586 | R--- | C] () -- C:\Users\Admin\Desktop\ComboFix.exe
    [2010/12/22 16:30:14 | 000,624,640 | ---- | C] () -- C:\Users\Admin\Desktop\dds.pif
    [2010/12/22 16:29:46 | 000,624,128 | ---- | C] () -- C:\Users\Admin\Desktop\dds.scr
    [2010/12/22 16:28:32 | 000,080,384 | ---- | C] () -- C:\Users\Admin\Desktop\MBRCheck.exe
    [2010/12/22 16:14:01 | 000,296,448 | ---- | C] () -- C:\Users\Admin\Desktop\r2msmxm2.exe
    [2010/12/22 15:43:33 | 000,020,822 | ---- | C] () -- C:\Users\Admin\Documents\cc_20101222_154331.reg
    [2010/12/19 22:29:32 | 006,269,445 | ---- | C] () -- C:\Users\Admin\Desktop\GoTube_v1.2.zip
    [2010/12/19 1047 | 039,131,284 | ---- | C] () -- C:\Users\Admin\Documents\UltimateRSHackTool.avi
    [2010/12/19 10:55:08 | 000,110,254 | ---- | C] () -- C:\Users\Admin\Desktop\TURSH Tool.rar
    [2010/12/17 21:29:37 | 413,886,464 | ---- | C] () -- C:\Users\Admin\Desktop\en_expression_web_2_x86_dvd_x14-84789.iso
    [2010/12/17 21:22:30 | 000,001,105 | ---- | C] () -- C:\Users\Admin\Documents\NewsNStuff.html
    [2010/12/17 20:49:24 | 000,001,274 | ---- | C] () -- C:\Users\Admin\Documents\forums.html
    [2010/12/17 20:48:32 | 000,016,349 | ---- | C] () -- C:\Users\Admin\Desktop\Connectything.png
    [2010/12/17 20:44:21 | 000,020,947 | ---- | C] () -- C:\Users\Admin\Desktop\wireframe1.png
    [2010/12/17 20:24:26 | 000,001,013 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Wing FTP Server Admin.lnk
    [2010/12/17 20:24:26 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Wing FTP Server Admin.lnk
    [2010/12/17 19:58:04 | 000,361,940 | ---- | C] () -- C:\Users\Admin\Desktop\Logos.zip
    [2010/12/17 19:42:50 | 000,137,865 | ---- | C] () -- C:\Users\Admin\Documents\reallogo3.ai
    [2010/12/17 19:13:55 | 000,158,451 | ---- | C] () -- C:\Users\Admin\Documents\logo2.ai
    [2010/12/17 18:33:30 | 000,000,051 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer.ddp
    [2010/12/16 22:36:23 | 000,413,184 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer2.exe
    [2010/12/16 22:36:23 | 000,005,923 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer.dcu
    [2010/12/16 22:34:55 | 000,001,966 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer2.dof
    [2010/12/16 22:34:55 | 000,000,876 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer2.res
    [2010/12/16 22:34:55 | 000,000,434 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer2.cfg
    [2010/12/16 22:34:55 | 000,000,189 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer2.dpr
    [2010/12/16 22:34:43 | 000,002,139 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer.dfm
    [2010/12/16 22:34:43 | 000,001,806 | ---- | C] () -- C:\Users\Admin\Documents\DDoSer.pas
    [2010/12/16 15:48:10 | 000,028,160 | ---- | C] () -- C:\Users\Admin\Desktop\something2.doc
    [2010/12/15 23:36:30 | 000,001,078 | ---- | C] () -- C:\Icon.ico
    [2010/12/15 23:33:23 | 000,427,008 | ---- | C] () -- C:\Users\Admin\Desktop\RS Membership Pin Generator.exe
    [2010/12/15 23:30:46 | 007,622,890 | ---- | C] () -- C:\Users\Admin\Desktop\RS Membership Pin Generator.avi
    [2010/12/14 23:13:46 | 021,536,264 | ---- | C] () -- C:\Users\Admin\Desktop\RSBots.net Auth Generator.avi
    [2010/12/14 23:10:21 | 000,181,248 | ---- | C] () -- C:\Users\Admin\Desktop\RSBots.net Auth Generator v2.exe
    [2010/12/12 14:24:44 | 011,377,398 | ---- | C] () -- C:\Users\Admin\Documents\clip0001.avi
    [2010/12/12 14:23:24 | 002,576,256 | ---- | C] () -- C:\Users\Admin\Desktop\HC2Setup.exe
    [2010/12/12 14:22:57 | 000,293,144 | ---- | C] () -- C:\Users\Admin\Desktop\SoftonicDownloader_for_hypercam.exe
    [2010/12/12 14:15:34 | 000,112,128 | ---- | C] () -- C:\Users\Admin\Desktop\AuthGen.exe
    [2010/12/12 14:15:23 | 000,072,771 | ---- | C] () -- C:\Users\Admin\Desktop\Auth Generator FJ.rar
    [2010/12/12 14:09:28 | 000,529,985 | ---- | C] () -- C:\Users\Admin\Desktop\Polymorphic Keylogger.rar
    [2010/12/11 23:57:15 | 207,435,408 | ---- | C] () -- C:\Users\Admin\Desktop\Bloodline Champions Beta Installer.exe
    [2010/12/11 20:00:51 | 000,353,282 | ---- | C] () -- C:\Users\Admin\Desktop\IT SHIZ.zip
    [2010/12/10 15:22:41 | 000,011,492 | ---- | C] () -- C:\Users\Admin\Documents\cc_20101210_152235.reg
    [2010/12/09 15:25:20 | 000,024,064 | ---- | C] () -- C:\Users\Admin\Documents\MLAPaper.doc
    [2010/12/05 15:55:58 | 000,023,416 | ---- | C] () -- C:\Users\Admin\Desktop\settings.zip
    [2010/12/05 15:54:52 | 031,814,770 | ---- | C] () -- C:\Users\Admin\Desktop\botclient.zip
    [2010/12/05 00:09:57 | 000,133,443 | ---- | C] () -- C:\Users\Admin\Documents\logo1.ai
    [2010/12/04 23:51:59 | 000,032,968 | ---- | C] () -- C:\Users\Admin\Desktop\restroom.jpg
    [2010/12/04 23:26:22 | 000,000,566 | ---- | C] () -- C:\Users\Admin\Documents\Site1.html
    [2010/12/04 19:47:53 | 000,013,484 | ---- | C] () -- C:\Users\Admin\Desktop\Dreamweaver_CS5-_Demonoid.com_-_9926954.5674.torrent
    [2010/12/04 18:41:02 | 000,006,911 | ---- | C] () -- C:\Users\Admin\Desktop\Project+1+-+Part+2.rtf
    [2010/12/04 18:40:57 | 000,001,722 | ---- | C] () -- C:\Users\Admin\Desktop\Project+1+-+Part+1.rtf
    [2010/12/04 18:17:06 | 000,022,528 | ---- | C] () -- C:\Users\Admin\Desktop\Assignment1.doc
    [2010/11/28 03:27:48 | 000,028,672 | ---- | C] () -- C:\Users\Admin\Documents\PersuasiveEssay1.doc
    [2010/11/03 01:18:16 | 000,000,147 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\RSBot_Accounts.ini
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/09/22 19:35:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/09/15 23:12:50 | 000,766,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/29 17:53:35 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/06/07 12:00:50 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
    [2010/06/05 18:07:53 | 000,000,063 | ---- | C] () -- C:\Windows\GTrainerSettings.ini
    [2010/06/03 23:20:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/05/12 17:24:39 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
    [2010/05/12 17:01:06 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
    [2010/04/12 14:54:27 | 000,000,392 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
    [2010/03/11 19:29:36 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
    [2010/03/03 19:00:46 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010/01/23 13:28:13 | 000,688,128 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
    [2010/01/23 13:28:12 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
    [2010/01/14 19:18:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/03 0354 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2009/08/03 0354 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2009/08/03 0352 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2009/08/03 0352 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2008/09/19 06:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/12/04 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/17 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cisco
    [2010/06/21 0315 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
    [2010/03/03 22:49:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DC++
    [2010/03/03 22:49:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DJJava
    [2010/01/26 17:27:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FOG Downloader
    [2010/03/03 22:49:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO Software Studio
    [2010/05/12 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
    [2010/05/08 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2010/12/12 12:07:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ManyCam
    [2010/03/11 19:32:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy
    [2010/10/11 02:32:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
    [2010/03/03 22:49:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Subversion
    [2010/08/17 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SystemRequirementsLab
    [2010/04/12 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
    [2010/05/26 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TightVNC
    [2010/12/07 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
    [2010/10/26 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vghd
    [2010/06/13 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wizet
    [2010/03/09 17:41:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\X-Chat 2
    [2010/10/02 12:27:42 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/29 17:13:46 | 004,453,888 | ---- | M] () -- C:\0025 - Super Mario Advance (U)(Eurasia).gba
    [2008/11/27 21:10:54 | 000,000,016 | ---- | M] () -- C:\app14.log
    [2009/05/11 08:49:02 | 000,000,022 | ---- | M] () -- C:\app2.log
    [2008/11/12 21:04:09 | 000,000,081 | ---- | M] () -- C:\app4.log
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/03/04 01:32:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/22 19:41:40 | 000,021,962 | ---- | M] () -- C:\ComboFix.txt
    [2009/05/25 04:13:40 | 000,018,257 | ---- | M] () -- C:\devlist.txt
    [2010/03/28 16:29:52 | 000,000,074 | ---- | M] () -- C:\dlbu.log
    [2009/05/03 21:55:51 | 000,000,025 | ---- | M] () -- C:\Driver.10
    [2009/05/25 04:11:39 | 000,000,009 | ---- | M] () -- C:\Finish.log
    [2009/04/30 03:36:43 | 001,048,576 | RH-- | M] () -- C:\G60VxAS.BIN
    [2010/03/03 23:20:45 | 000,203,836 | RHS- | M] () -- C:\grldr
    [2010/12/22 19:25:48 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
    [2009/08/31 01:31:52 | 000,001,078 | ---- | M] () -- C:\Icon.ico
    [2009/05/25 04:04:30 | 001,553,390 | ---- | M] () -- C:\if.log
    [2009/05/25 03:50:42 | 021,364,736 | ---- | M] () -- C:\inject.log
    [2009/05/25 03:50:42 | 020,454,133 | ---- | M] () -- C:\inject.log.txt
    [2010/12/22 16:48:28 | 000,015,990 | ---- | M] () -- C:\JavaRa.log
    [2008/09/19 06:33:21 | 000,000,003 | ---- | M] () -- C:\K522.txt
    [2008/08/08 02:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
    [2010/06/18 00:02:47 | 000,000,042 | ---- | M] () -- C:\Packet.cfg
    [2010/12/22 19:25:58 | 4294,037,504 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/24 14:46:54 | 000,000,105 | ---- | M] () -- C:\Pass.txt
    [2009/03/18 20:37:23 | 000,003,240 | ---- | M] () -- C:\Patch.LOG
    [2010/06/12 22:10:20 | 000,000,250 | ---- | M] () -- C:\Pointer.cfg
    [2010/03/08 22:20:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.001
    [2010/03/08 2202 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.002
    [2010/03/08 2224 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.003
    [2010/03/08 2241 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.004
    [2010/03/08 2257 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.005
    [2010/03/08 22:22:14 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.006
    [2010/03/08 22:22:30 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.007
    [2010/03/08 22:22:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.008
    [2010/03/08 22:23:06 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.009
    [2010/03/08 22:23:22 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.010
    [2010/03/08 22:23:37 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.011
    [2010/03/08 22:23:59 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.012
    [2010/03/08 22:24:14 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.013
    [2010/03/08 22:24:27 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.014
    [2010/03/08 22:24:42 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.015
    [2010/03/08 22:24:56 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.016
    [2010/03/08 22:25:12 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.017
    [2010/03/08 22:25:28 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.018
    [2010/03/08 22:25:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.019
    [2010/03/08 22:26:00 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.020
    [2010/03/08 22:26:16 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.021
    [2010/03/08 22:26:32 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.022
    [2010/03/08 22:26:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.023
    [2010/03/08 22:27:13 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.024
    [2010/03/08 22:27:33 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.025
    [2010/03/08 22:27:55 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.026
    [2010/03/08 22:28:11 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.027
    [2010/03/08 22:28:29 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.028
    [2010/03/08 22:28:47 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.029
    [2010/03/08 22:29:04 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.030
    [2010/03/08 22:29:28 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.031
    [2010/03/08 22:29:49 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.032
    [2010/03/08 22:30:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.033
    [2010/03/08 22:30:23 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.034
    [2010/03/08 22:30:41 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.035
    [2010/03/08 22:30:58 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.036
    [2010/03/08 22:31:22 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.037
    [2010/03/08 22:31:43 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.038
    [2010/03/08 22:32:01 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.039
    [2010/03/08 22:32:21 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.040
    [2010/03/08 22:32:43 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.041
    [2010/03/08 22:33:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.042
    [2010/03/08 22:33:28 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.043
    [2010/03/08 22:33:47 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.044
    [2010/03/08 22:34:03 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.045
    [2010/03/08 22:34:20 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.046
    [2010/03/08 22:34:44 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.047

  9. #9
    lancelot854 is offline Junior Member
    [2010/03/08 22:35:04 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.048
    [2010/03/08 22:35:23 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.049
    [2010/03/08 22:35:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.050
    [2010/03/08 22:36:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.051
    [2010/03/08 22:36:23 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.052
    [2010/03/08 22:36:43 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.053
    [2010/03/08 22:37:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.054
    [2010/03/08 22:37:27 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.055
    [2010/03/08 22:37:46 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.056
    [2010/03/08 22:38:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.057
    [2010/03/08 22:38:24 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.058
    [2010/03/08 22:38:45 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.059
    [2010/03/08 22:39:07 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.060
    [2010/03/08 22:39:30 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.061
    [2010/03/08 22:39:48 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.062
    [2010/03/08 22:40:07 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.063
    [2010/03/08 22:40:30 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.064
    [2010/03/08 22:40:51 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.065
    [2010/03/08 22:41:14 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.066
    [2010/03/08 22:41:34 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.067
    [2010/03/08 22:41:55 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.068
    [2010/03/08 22:42:15 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.069
    [2010/03/08 22:42:37 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.070
    [2010/03/08 22:20:50 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.071
    [2010/03/08 2209 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.072
    [2010/03/08 2222 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.073
    [2010/03/08 2235 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.074
    [2010/03/08 2247 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.075
    [2010/03/08 22:22:02 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.076
    [2010/03/08 22:22:16 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.077
    [2010/03/08 22:22:34 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.078
    [2010/03/08 22:22:49 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.079
    [2010/03/08 22:23:08 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.080
    [2010/03/08 22:23:26 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.081
    [2010/03/08 22:23:41 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.082
    [2010/03/08 22:23:56 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.083
    [2010/03/08 22:24:10 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.084
    [2010/03/08 22:24:23 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.085
    [2010/03/08 22:24:36 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.086
    [2010/03/08 22:24:52 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.087
    [2010/03/08 22:25:13 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.088
    [2010/03/08 22:25:31 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.089
    [2010/03/08 22:25:44 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.090
    [2010/03/08 22:25:56 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.091
    [2010/03/08 22:26:10 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.092
    [2010/03/08 22:26:27 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.093
    [2010/03/08 22:26:39 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.094
    [2010/03/08 22:26:52 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.095
    [2010/03/08 22:27:05 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.096
    [2010/03/08 22:27:23 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.097
    [2010/03/08 22:27:40 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.098
    [2010/03/08 22:27:59 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.099
    [2010/03/08 22:28:15 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.100
    [2010/03/08 22:28:32 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.101
    [2010/03/08 22:28:51 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.102
    [2010/03/08 22:29:09 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.103
    [2010/03/08 22:29:24 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.104
    [2010/03/08 22:29:40 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.105
    [2010/03/08 22:29:58 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.106
    [2010/03/08 22:30:15 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.107
    [2010/03/08 22:30:33 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.108
    [2010/03/08 22:30:49 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.109
    [2010/03/08 22:31:06 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.110
    [2010/03/08 22:31:18 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.111
    [2010/03/08 22:31:34 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.112
    [2010/03/08 22:31:48 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.113
    [2010/03/08 22:32:04 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.114
    [2010/03/08 22:32:18 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.115
    [2010/03/08 22:32:37 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.116
    [2010/03/08 22:32:50 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.117
    [2010/03/08 22:33:08 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.118
    [2010/03/08 22:33:25 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.119
    [2010/03/08 22:33:38 | 007,340,032 | ---- | M] () -- C:\psxhaven.futurama.7z.120
    [2010/03/08 22:33:49 | 003,069,177 | ---- | M] () -- C:\psxhaven.futurama.7z.121
    [2010/03/08 22:33:55 | 000,031,612 | ---- | M] () -- C:\psxhaven.futurama.7z.par2
    [2010/03/08 22:34:10 | 007,711,680 | ---- | M] () -- C:\psxhaven.futurama.7z.vol0+1.PAR2
    [2010/03/08 22:34:23 | 007,711,680 | ---- | M] () -- C:\psxhaven.futurama.7z.vol1+1.PAR2
    [2010/03/08 22:34:42 | 007,711,680 | ---- | M] () -- C:\psxhaven.futurama.7z.vol2+1.PAR2
    [2010/03/08 22:35:02 | 007,711,680 | ---- | M] () -- C:\psxhaven.futurama.7z.vol3+1.PAR2
    [2010/03/08 22:35:14 | 007,711,680 | ---- | M] () -- C:\psxhaven.futurama.7z.vol4+1.PAR2
    [2010/03/08 22:35:20 | 000,000,904 | ---- | M] () -- C:\psxhaven.futurama.nfo
    [2010/03/08 22:35:25 | 000,004,322 | ---- | M] () -- C:\psxhaven.futurama.sfv
    [2010/03/08 14:28:54 | 007,340,032 | ---- | M] () -- C:\psxhaven.gow.7z.001
    [2010/03/08 14:29:13 | 007,340,031 | ---- | M] () -- C:\psxhaven.gow.7z.002
    [2010/03/08 14:29:32 | 007,340,032 | ---- | M] () -- C:\psxhaven.gow.7z.003
    [2010/03/08 14:29:24 | 007,340,032 | ---- | M] () -- C:\psxhaven.gow.7z.071
    [2009/03/30 22:04:29 | 000,000,022 | ---- | M] () -- C:\RECOVERY.DAT
    [2009/05/25 03:38:16 | 000,002,000 | ---- | M] () -- C:\RHDSetup.log
    [2010/08/09 18:27:17 | 000,001,346 | ---- | M] () -- C:\RodSetting.ini
    [2010/06/07 21:14:20 | 000,000,027 | ---- | M] () -- C:\RodSettings.ini
    [2009/05/25 03:40:03 | 000,000,209 | ---- | M] () -- C:\setup.log
    [2008/09/19 06:43:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/09/19 06:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/05/25 02:46:44 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
    [2009/05/25 02:46:19 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
    [2009/02/11 22:50:06 | 000,000,025 | ---- | M] () -- C:\V622.TXT
    [2009/02/10 21:46:26 | 000,000,041 | ---- | M] () -- C:\WindowsLive_US.TXT
    [2010/03/03 23:20:46 | 000,000,000 | RHS- | M] () -- C:\winx.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/05 01:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/15 15:17:18 | 000,000,221 | -HS- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/03/03 23:17:52 | 000,000,221 | -HS- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/24 01:04:53 | 000,112,128 | ---- | M] () -- C:\Users\Admin\Desktop\AuthGen.exe
    [2010/12/22 16:57:39 | 001,775,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Admin\Desktop\avg_remover_stf_x64_2011_1165.exe
    [2010/12/12 00:01:25 | 207,435,408 | ---- | M] () -- C:\Users\Admin\Desktop\Bloodline Champions Beta Installer.exe
    [2010/12/22 19:17:52 | 003,996,586 | R--- | M] () -- C:\Users\Admin\Desktop\ComboFix.exe
    [2010/01/14 17:18:42 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Users\Admin\Desktop\GwSetup.exe
    [2010/12/12 14:23:28 | 002,576,256 | ---- | M] () -- C:\Users\Admin\Desktop\HC2Setup.exe
    [2010/12/22 16:28:32 | 000,080,384 | ---- | M] () -- C:\Users\Admin\Desktop\MBRCheck.exe
    [2010/12/22 19:52:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    [2010/11/22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\Admin\Desktop\procexp.exe
    [2010/12/22 16:14:01 | 000,296,448 | ---- | M] () -- C:\Users\Admin\Desktop\r2msmxm2.exe
    [2010/12/15 23:32:50 | 000,427,008 | ---- | M] () -- C:\Users\Admin\Desktop\RS Membership Pin Generator.exe
    [2010/12/14 23:12:32 | 000,057,344 | ---- | M] (wtGfOUfXDSeeaDV) -- C:\Users\Admin\Desktop\RSAuthGeneratorV2.exe
    [2010/12/14 23:10:21 | 000,181,248 | ---- | M] () -- C:\Users\Admin\Desktop\RSBots.net Auth Generator v2.exe
    [2010/12/15 23:36:32 | 000,662,856 | ---- | M] (rFTuAkwQtFtC) -- C:\Users\Admin\Desktop\RSMemberPins.exe
    [2010/01/24 12:33:03 | 000,091,656 | ---- | M] (Jagex Ltd) -- C:\Users\Admin\Desktop\RuneScape.exe
    [2010/12/12 14:22:58 | 000,293,144 | ---- | M] () -- C:\Users\Admin\Desktop\SoftonicDownloader_for_hypercam.exe
    [2010/11/28 23:49:32 | 000,191,488 | ---- | M] (Team Vitalz) -- C:\Users\Admin\Desktop\TURSH Tool.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2008/10/08 22:38:27 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 11:02:14 | 000,000,402 | -HS- | M] () -- C:\Users\Admin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    ASUS Camera ScreenSaver Uninstaller.exe
    ASUS Camera ScreenSaver.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TempFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >


    OTL Extras logfile created on: 12/22/2010 7:53:11 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Admin\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 33.28 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
    Drive D: | 137.32 Gb Total Space | 106.49 Gb Free Space | 77.55% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
    "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
    "{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
    "{30DC3C30-719B-46A9-A4FA-BBEEEE528B65}" = Linksys EasyLink Advisor
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.4.0002
    "{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
    "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e6}" = Python 2.6.6 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FB562550-BBE6-4298-861A-5C0A6562C272}_is1" = Revo Uninstaller Pro 2.1.5
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "Defraggler" = Defraggler
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "HitmanPro35" = Hitman Pro 3.5
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Revo Uninstaller Pro Retail zoo_is1" = Revo Uninstaller Pro 2.4.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Ultravnc2_is1" = UltraVNC 1.0.8.2
    "USB 2.0 UVC 1.3M WebCam" = USB 2.0 UVC 1.3M WebCam
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}" = Windows Live Movie Maker Beta
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{524C9B9A-B57F-4FEC-89BE-292202EBA44D}_is1" = Simba 1.0 Beta
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
    "{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
    "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
    "{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "{B5EDB5CB-3F59-46DC-A14B-A12274127FB1}" = MapleStory
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
    "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform
    "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
    "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DF494ADD-CA7F-445C-9D04-3F0CA3B8F20F}_is1" = Wing FTP Server 3.7.2
    "{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E8CC51B4-F039-4A13-8C23-57661C5A90AC}" = Express Gate
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
    "AVCPhotoStudio_Wrapper" = myPhotoMovie (remove only)
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cheat Engine 5.6_is1" = Cheat Engine 5.6
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DC++" = DC++ 0.750
    "Delphi 7 Second Edition v7.2_is1" = Delphi 7 Second Edition
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "Guild Wars" = Guild Wars
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hon" = Heroes of Newerth
    "HyperCam 2" = HyperCam 2
    "HyperCam Toolbar" = HyperCam Toolbar
    "ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate
    "InstallShield_{30DC3C30-719B-46A9-A4FA-BBEEEE528B65}" = Linksys EasyLink Advisor
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "M3 GAME Manager" = M3 GAME Manager Uninstall
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "mIRC" = mIRC
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
    "Picasa2" = Picasa 2
    "PuTTY Connection Manager_is1" = PuTTY Connection Manager 0.7.1.136beta
    "QuickPar" = QuickPar 0.9
    "TightVNC" = TightVNC 2.0beta4
    "TightVNC_is1" = TightVNC 1.3.10
    "TNod User & Password Finder 1.0.0" = TNod User & Password Finder 1.0.0
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.0.3
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "xchat" = XChat 2 (remove only)
    "XWeb" = Microsoft Expression Web 2
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
    "GCalc 3" = GCalc 3
    "Google Chrome" = Google Chrome
    "SwiftKit" = SwiftKit

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  10. #10
    broni is offline Senior Member
    I assume you uninstalled AVG in order to run Combofix?
    Same slowness?
    PE log looks good.
