
Antivirus 8 Infection



My son's laptop was infected with Antivirus 8. It acts like an antivirus program. A box opens saying that a virus/trojan has been found and wants you to install the full version of the program so it can delete the virus. My son thought it WAS his antivirus program so he clicked on it. I don't know what all happened with him, but it's now at the point where it's popping up with an "active virus detected" every few minutes. It won't let me run Malwarebytes or the AVG antivirus program, and I've tried to reinstall Malwarebytes too, but it shuts down as soon as it starts to update. The laptop is running Windows 7 Home Edition.


I looked through the articles on this site about when mbam won't run, and one of them finally worked. I renamed mbam to winlogon.com and then it ran. I updated and scanned and it found 5 files that it deleted. Now, it will let me run dds and gmer too.

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4792

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/10/2010 8:54:38 PM

mbam-log-2010-10-10 (20-54-38).txt

Scan type: Full scan (C:\|)

Objects scanned: 231464

Time elapsed: 26 minute(s), 36 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

C:\Program Files (x86)\AV8\av8.exe (Rogue.Antivirus8) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files (x86)\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files (x86)\AV8\av8.exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Running DDS: (a box came up that said it couldn't find script engine "VBSCRIPT")

DDS - Notepad:

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by Derek at 21:05:13.95 on Sun 10/10/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2519 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\AVG\AVG9\avgscana.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Program Files (x86)\AVG\AVG9\avgui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\ehome\ehRecvr.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Derek\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe

StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-7 269904]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-7 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-7 317520]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-26 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-26 172704]

=============== Created Last 30 ================

2010-10-11 01:00:18 -------- d-----w- C:\Users\Derek\AppData\Roaming\GetRightToGo

2010-09-29 00:26:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 00:26:36 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 00:26:25 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 00:26:25 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-17 18:41:29 -------- d-----w- C:\66ecb1dbd8f55bc5e35b960860f21c

2010-09-17 06:28:40 -------- d--h--w- C:\$AVG

2010-09-15 21:54:51 558592 ----a-w- C:\Windows\System32\spoolsv.exe

==================== Find3M ====================

2010-08-07 18:56:07 13048 ----a-w- C:\Windows\System32\avgrssta.dll

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-26 22:54:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2010-07-26 22:54:59 4062720 ----a-w- C:\Windows\System32\mf.dll

2010-07-26 22:54:59 366592 ----a-w- C:\Windows\System32\qdvd.dll

2010-07-26 22:54:59 3177472 ----a-w- C:\Windows\SysWow64\mf.dll

2010-07-26 22:54:59 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-07-26 20:27:26 75 --sh--r- C:\Windows\CT4CET.bin

2010-07-26 20:11:53 455680 ----a-w- C:\Windows\System32\deployJava1.dll

2010-07-17 10:00:04 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 21:06:09.36 ===============

Attach - Notepad

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Advanced Audio FX Engine

AVG Free 9.0

Bradford Persistent Agent

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Dell Dock

Dell Support Center (Support Software)

Dell Webcam Central

GoToAssist 8.0.0.514

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

LimeWire 5.5.13

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MSVCRT

PowerDVD DX

Roxio Burn

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB2288953)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Skype Toolbars

Skype


Hello ,

And :lol: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)

Thanks and again sorry for the delay.


My 2nd post is where I am now. In short, the problem began with a rogue program "Antivirus 8" which would produce fake warnings that the computer was infected and prompt to scan or buy/install full version. My son had it then and he thought that it was the real thing so he clicked whatever it told him to click. I have no idea how far that went. Eventually, it was popping up fake virus alerts every minute or so. Malwarebytes and AVG anti-virus wouldn't run or download. I finally got MBAM to run by changing the name to winlogon.com. It updated, scanned and found 5 files. It scans clean now but I can't run GMER or DDS correctly b/c it says it's missing a file, so I'm assuming it's messed with the registry or something. Those logs are on post #2 unless you want me to rerun them. Here is the OTL scan that I just ran. When I first double-clicked on it, a box popped up that said: "Access violation at address 00402975 in module 'OTL.exe'. Read of address 00BC2304." It did go ahead and scan though. Thanks very much in advance for your help!!!! :o

OTListIt.txt

OTL logfile created on: 10/11/2010 2:06:50 PM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Derek\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 289.40 Gb Total Space | 256.48 Gb Free Space | 88.62% Space Free | Partition Type: NTFS

Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/11 13:56:52 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe

PRC - [2010/10/04 10:20:26 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2010/08/07 13:54:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/02/23 17:03:40 | 002,625,248 | ---- | M] (Bradford Networks) -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe

PRC - [2010/02/23 17:03:38 | 003,026,656 | ---- | M] (Bradford Networks) -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe

PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/11/02 19:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe

PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

========== Modules (SafeList) ==========

MOD - [2010/10/11 13:56:52 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/26 05:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/17 12:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)

SRV - [2010/08/07 13:54:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/07/26 15:17:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/02/23 17:03:38 | 003,026,656 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/07 13:56:06 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/08/07 13:56:01 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/08/07 13:56:01 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2010/02/26 05:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/12/26 18:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/08/05 11:28:36 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/08/05 11:28:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/08/05 11:28:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/08/05 11:28:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/07/17 12:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2009/07/17 12:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/03 14:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/05/20 14:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/05/08 19:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-379511473-3534282781-3527409737-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-379511473-3534282781-3527409737-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-379511473-3534282781-3527409737-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/08/14 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions

[2010/08/14 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found

O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found

O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/11 13:56:40 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe

[2010/10/10 20:14:34 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Derek\Desktop\mbam-setup.exe

[2010/10/10 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Downloads

[2010/10/10 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\GetRightToGo

[2010/09/17 13:41:29 | 000,000,000 | ---D | C] -- C:\66ecb1dbd8f55bc5e35b960860f21c

[2010/09/17 01:28:40 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/09/09 19:27:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg

[2010/09/08 16:23:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/09/03 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Psy of religion

[2010/08/31 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\history and issues

[2010/08/30 21:08:25 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Macrovision

[2010/08/30 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\PowerDVD DX

[2010/08/30 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2010/08/24 15:14:47 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Crim pro

[2010/08/16 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bradford Networks

[2010/08/14 13:41:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\LimeWire

[2010/08/14 13:41:46 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Mozilla

[2010/08/14 13:41:28 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\LimeWire

[2010/08/14 13:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire

[2010/08/13 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Malwarebytes

[2010/08/13 21:52:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/08/13 21:52:23 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/08/13 21:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/08/13 21:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/12 03:03:07 | 000,000,000 | ---D | C] -- C:\fa1ad16ff9b1ccdc9c0c97

[2010/08/07 13:56:06 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/08/07 13:56:05 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/08/07 13:56:01 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/08/07 13:56:00 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/08/07 13:56:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg

[2010/08/07 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/08/07 13:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/08/07 12:02:15 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Old Computer

[2010/08/07 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Dell WebCam Central

[2010/08/07 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Creative

[2010/08/07 11:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2010/08/07 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2010/08/07 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/08/07 11:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/08/07 11:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/08/07 11:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2010/08/07 11:23:25 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Microsoft Help

[2010/08/07 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/08/07 11:22:45 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/08/04 13:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/08/04 13:35:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/08/04 13:35:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/08/03 21:46:03 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\CyberLink

[2010/08/03 15:22:48 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Macromedia

[2010/08/03 15:22:35 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Adobe

[2010/08/03 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Dell

[2010/08/03 15:09:02 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Stardock_Corporation

[2010/08/03 15:08:46 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Roxio

[2010/08/03 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Broadcom

[2010/08/03 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Bluetooth Exchange Folder

[2010/08/03 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\SupportSoft

[2010/08/03 15:08:11 | 000,000,000 | R--D | C] -- C:\Users\Derek\Searches

[2010/08/03 15:08:11 | 000,000,000 | -H-D | C] -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/08/03 15:08:01 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Identities

[2010/08/03 15:07:57 | 000,000,000 | R--D | C] -- C:\Users\Derek\Contacts

[2010/08/03 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\VirtualStore

[2010/08/03 15:04:34 | 000,000,000 | --SD | C] -- C:\Users\Derek\AppData\Roaming\Microsoft

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Videos

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Saved Games

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Pictures

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Music

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Links

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Favorites

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Downloads

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\My Documents

[2010/08/03 15:04:34 | 000,000,000 | R--D | C] -- C:\Users\Derek\Desktop

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\Temporary Internet Files

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Templates

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Start Menu

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\SendTo

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Recent

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\PrintHood

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\NetHood

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Videos

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Pictures

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Music

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\My Documents

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Local Settings

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\History

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Cookies

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Application Data

[2010/08/03 15:04:34 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\Application Data

[2010/08/03 15:04:34 | 000,000,000 | -H-D | C] -- C:\Users\Derek\AppData

[2010/08/03 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Temp

[2010/08/03 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Microsoft

[2010/08/03 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Media Center Programs

[2010/07/26 17:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad

[2010/07/26 17:49:11 | 000,393,728 | ---- | C] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys

[2010/07/26 17:48:56 | 000,505,856 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys

[2010/07/26 17:48:55 | 001,472,000 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll

[2010/07/26 17:48:55 | 000,644,608 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll

[2010/07/26 17:48:55 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll

[2010/07/26 17:48:55 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646272.dll

[2010/07/26 17:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem

[2010/07/26 17:47:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/07/26 17:47:01 | 000,000,000 | ---D | C] -- C:\Drivers

[2010/07/26 17:38:51 | 000,000,000 | ---D | C] -- C:\dell

[2010/07/26 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\IDT

[2010/07/26 17:04:08 | 012,605,952 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl

[2010/07/26 17:04:08 | 003,345,408 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll

[2010/07/26 17:04:08 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe

[2010/07/26 17:04:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs

[2010/07/26 17:03:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64

[2010/07/26 17:03:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang

[2010/07/26 17:02:05 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/07/26 17:01:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/07/26 15:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/07/26 15:30:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}

[2010/07/26 15:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall

[2010/07/26 15:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic

[2010/07/26 15:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared

[2010/07/26 15:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared

[2010/07/26 15:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2010/07/26 15:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision

[2010/07/26 15:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio

[2010/07/26 15:27:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion

[2010/07/26 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion

[2010/07/26 15:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative

[2010/07/26 15:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Webcam

[2010/07/26 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam

[2010/07/26 15:25:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2010/07/26 15:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2010/07/26 15:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/07/26 15:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/07/26 15:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework

[2010/07/26 15:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/07/26 15:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2010/07/26 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/07/26 15:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive

[2010/07/26 15:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2010/07/26 15:21:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/07/26 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2010/07/26 15:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink

[2010/07/26 15:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2010/07/26 15:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2010/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2010/07/26 15:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft

[2010/07/26 15:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center

[2010/07/26 15:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2010/07/26 15:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2010/07/26 15:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2010/07/26 15:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM

[2010/07/26 15:14:32 | 000,000,000 | ---D | C] -- C:\Intel

[2010/07/26 15:14:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2010/07/26 15:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2010/07/26 15:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell

[2010/07/26 15:13:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/07/26 15:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2010/07/26 15:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dell

[2010/07/26 15:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/07/26 15:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/07/26 15:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2010/07/26 15:09:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2010/07/26 15:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Inc

[2010/07/26 15:09:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

========== Files - Modified Within 90 Days ==========

[2010/10/11 14:08:03 | 001,310,720 | -HS- | M] () -- C:\Users\Derek\NTUSER.DAT

[2010/10/11 13:56:52 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe

[2010/10/11 13:24:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/11 13:24:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/11 13:23:51 | 065,970,613 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/10/11 13:21:56 | 000,889,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/11 13:21:56 | 000,196,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/11 13:21:56 | 000,004,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/11 13:17:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/11 13:17:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/11 13:17:21 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/10 22:28:55 | 001,132,689 | -H-- | M] () -- C:\Users\Derek\AppData\Local\IconCache.db

[2010/10/10 21:36:04 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/10 20:50:37 | 000,293,376 | ---- | M] () -- C:\Users\Derek\Desktop\c354zjkh.exe

[2010/10/10 20:49:27 | 000,544,768 | ---- | M] () -- C:\Users\Derek\Desktop\dds.scr

[2010/10/10 20:14:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Derek\Desktop\mbam-setup.exe

[2010/10/02 00:17:27 | 000,005,212 | ---- | M] () -- C:\Users\Derek\Documents\02. Pitbull - Shut It Down (feat. Akon) - Copy - Shortcut.lnk

[2010/10/01 23:43:29 | 004,876,228 | ---- | M] () -- C:\Users\Derek\Documents\Roscoe Dash Ft. Soulja Boy- All The Way Turnt Up - Hiphopearly.com.mp3

[2010/10/01 23:43:17 | 006,598,992 | ---- | M] () -- C:\Users\Derek\Documents\11 - Nickelback - This Afternoon.mp3

[2010/10/01 23:40:50 | 006,288,000 | ---- | M] () -- C:\Users\Derek\Documents\Kevin Rudolf - I Made It (Cash Money Heroes) (feat Jay Sean, Birdman & Lil Wayne).mp3

[2010/10/01 23:32:37 | 005,718,971 | ---- | M] () -- C:\Users\Derek\Documents\Gorilla Zoe-Echo.mp3

[2010/10/01 23:31:51 | 004,547,951 | ---- | M] () -- C:\Users\Derek\Documents\DJ Khaled _ft. Ludacris_ Snoop Dogg_ Rick Ross _ T-Pain_ - All I Do Is Win - CurrentHipHop.com.mp3

[2010/10/01 23:30:43 | 008,997,451 | ---- | M] () -- C:\Users\Derek\Documents\Drake Feat. Trey Songz & Lil Wayne - Successful.mp3

[2010/10/01 23:29:49 | 003,830,715 | ---- | M] () -- C:\Users\Derek\Documents\Maino Ft T-Pain - All of the Above.mp3

[2010/09/26 23:50:51 | 005,856,564 | ---- | M] () -- C:\Users\Derek\Documents\David Guetta ft. Akon - Sexy Bitch.mp3

[2010/09/26 23:46:52 | 005,916,061 | ---- | M] () -- C:\Users\Derek\Documents\Akon - Right Now Na Na Na.mp3

[2010/09/26 23:46:36 | 009,463,410 | ---- | M] () -- C:\Users\Derek\Documents\Madonna Feat. Akon - Celebration (Prod. By David Guetta) (Remix) ( 2oo9 ) [ www.MzHipHop.com ](1).mp3

[2010/09/26 23:42:37 | 003,790,471 | ---- | M] () -- C:\Users\Derek\Documents\YG Pushaz - Heart Beat (New Music January 2010).mp3

[2010/09/26 23:42:27 | 002,297,253 | ---- | M] () -- C:\Users\Derek\Documents\New Boyz - Tie Me Down.mp3

[2010/09/16 01:13:47 | 000,004,608 | ---- | M] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/08 16:23:06 | 426,554,195 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/08/25 19:31:45 | 003,625,840 | ---- | M] () -- C:\Users\Derek\Documents\Stereos - Throw Your Hands Up.mp3

[2010/08/18 23:01:56 | 002,646,602 | ---- | M] () -- C:\Users\Derek\Documents\Shinedown - Second Chance.mp3

[2010/08/18 23:00:25 | 006,444,942 | ---- | M] () -- C:\Users\Derek\Documents\Owl City - Fireflies.mp3

[2010/08/18 22:58:44 | 004,946,643 | ---- | M] () -- C:\Users\Derek\Documents\Black Eyed Peas - I Gotta Feeling(1).mp3

[2010/08/18 22:53:13 | 006,483,011 | ---- | M] () -- C:\Users\Derek\Documents\Taio Cruz - Break Your Heart.mp3

[2010/08/18 22:52:14 | 004,262,357 | ---- | M] () -- C:\Users\Derek\Documents\Travis McCoy (ft[1]. Bruno Mars) - Billionaire - CurrentHipHop.com.mp3

[2010/08/18 22:48:10 | 002,935,618 | ---- | M] () -- C:\Users\Derek\Documents\B.O.B - Airplanes (feat. Hayley Williams).mp3

[2010/08/18 22:44:02 | 007,334,203 | ---- | M] () -- C:\Users\Derek\Documents\IYAZ - Replay.mp3

[2010/08/18 22:39:00 | 006,683,608 | ---- | M] () -- C:\Users\Derek\Documents\15-eminem-love_the_way_you_lie_(feat_rihanna).mp3

[2010/08/18 22:27:35 | 006,242,278 | ---- | M] () -- C:\Users\Derek\Documents\Wasted.mp3

[2010/08/18 19:45:48 | 009,123,277 | ---- | M] () -- C:\Users\Derek\Documents\Dorrough- Get Big.mp3

[2010/08/17 20:13:02 | 000,011,429 | ---- | M] () -- C:\Users\Derek\Documents\Internship.docx

[2010/08/14 21:51:01 | 005,331,152 | ---- | M] () -- C:\Users\Derek\Documents\Theory of a Deadman- Hate My Life.mp3

[2010/08/14 21:44:20 | 005,507,336 | ---- | M] () -- C:\Users\Derek\Documents\Papa Roach - Scars.mp3

[2010/08/14 20:16:28 | 005,041,252 | ---- | M] () -- C:\Users\Derek\Documents\Taio Cruz - Dynamite(1)(1).mp3

[2010/08/14 20:12:06 | 006,080,498 | ---- | M] () -- C:\Users\Derek\Documents\Dierks Bentley - 04 - I Wanna Make You Close Your Eyes.mp3

[2010/08/14 15:49:55 | 005,008,349 | ---- | M] () -- C:\Users\Derek\Documents\Bobby Brackins feat Ray J - 143 - HotNewHipHop.com(1).mp3

[2010/08/14 15:47:24 | 005,280,791 | ---- | M] () -- C:\Users\Derek\Documents\Jason Derulo - Riding Solo.mp3

[2010/08/14 13:41:57 | 000,001,865 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

[2010/08/14 13:40:53 | 000,001,919 | ---- | M] () -- C:\Users\Derek\Desktop\LimeWire 5.5.13.lnk

[2010/08/12 03:24:45 | 000,421,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/10 22:12:09 | 000,110,832 | ---- | M] () -- C:\Users\Derek\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/10 03:01:56 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini

[2010/08/08 19:51:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/08/07 13:56:07 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/08/07 13:56:07 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/08/07 13:56:06 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/08/07 13:56:01 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/08/07 13:56:01 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/08/07 13:56:00 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/08/07 11:31:20 | 000,002,645 | ---- | M] () -- C:\Users\Derek\Desktop\Microsoft Office PowerPoint 2007.lnk

[2010/08/07 11:31:08 | 000,002,693 | ---- | M] () -- C:\Users\Derek\Desktop\Microsoft Office Word 2007.lnk

[2010/08/05 21:46:44 | 000,000,000 | -H-- | M] () -- C:\Users\Derek\Documents\Default.rdp

[2010/08/03 21:46:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/08/03 15:20:54 | 000,001,439 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/08/03 15:09:04 | 000,001,980 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2010/08/03 15:04:34 | 000,524,288 | -HS- | M] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/08/03 15:04:34 | 000,524,288 | -HS- | M] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/08/03 15:04:34 | 000,065,536 | -HS- | M] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/08/03 15:04:34 | 000,000,020 | -HS- | M] () -- C:\Users\Derek\ntuser.ini

[2010/08/03 15:02:32 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/08/03 15:02:32 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/07/26 17:58:13 | 000,004,854 | RH-- | M] () -- C:\dell.sdr

[2010/07/26 17:57:17 | 000,899,942 | ---- | M] () -- C:\Windows\SysNative\oem4.inf

[2010/07/26 17:48:33 | 000,004,854 | ---- | M] () -- C:\Windows\SysWow64\drivers\1028_Dell_INS_1545.mrk

[2010/07/26 17:48:33 | 000,004,854 | ---- | M] () -- C:\Windows\SysNative\drivers\1028_Dell_INS_1545.mrk

[2010/07/26 17:04:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf

[2010/07/26 15:40:32 | 001,018,442 | ---- | M] () -- C:\Windows\SysNative\chklogo6.wtl

[2010/07/26 15:27:26 | 000,000,075 | RHS- | M] () -- C:\Windows\CT4CET.bin

[2010/07/26 15:16:01 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

========== Files Created - No Company Name ==========

[2010/10/10 20:50:27 | 000,293,376 | ---- | C] () -- C:\Users\Derek\Desktop\c354zjkh.exe

[2010/10/10 20:49:27 | 000,544,768 | ---- | C] () -- C:\Users\Derek\Desktop\dds.scr

[2010/10/02 00:18:20 | 006,683,608 | ---- | C] () -- C:\Users\Derek\Documents\15-eminem-love_the_way_you_lie_(feat_rihanna).mp3

[2010/10/02 00:18:20 | 006,598,992 | ---- | C] () -- C:\Users\Derek\Documents\11 - Nickelback - This Afternoon.mp3

[2010/10/02 00:18:20 | 006,483,011 | ---- | C] () -- C:\Users\Derek\Documents\Taio Cruz - Break Your Heart.mp3

[2010/10/02 00:18:20 | 006,444,942 | ---- | C] () -- C:\Users\Derek\Documents\Owl City - Fireflies.mp3

[2010/10/02 00:18:20 | 006,242,278 | ---- | C] () -- C:\Users\Derek\Documents\Wasted.mp3

[2010/10/02 00:18:20 | 006,080,498 | ---- | C] () -- C:\Users\Derek\Documents\Dierks Bentley - 04 - I Wanna Make You Close Your Eyes.mp3

[2010/10/02 00:18:20 | 005,916,061 | ---- | C] () -- C:\Users\Derek\Documents\Akon - Right Now Na Na Na.mp3

[2010/10/02 00:18:20 | 005,856,564 | ---- | C] () -- C:\Users\Derek\Documents\David Guetta ft. Akon - Sexy Bitch.mp3

[2010/10/02 00:18:20 | 005,507,336 | ---- | C] () -- C:\Users\Derek\Documents\Papa Roach - Scars.mp3

[2010/10/02 00:18:20 | 005,331,152 | ---- | C] () -- C:\Users\Derek\Documents\Theory of a Deadman- Hate My Life.mp3

[2010/10/02 00:18:20 | 005,041,252 | ---- | C] () -- C:\Users\Derek\Documents\Taio Cruz - Dynamite(1)(1).mp3

[2010/10/02 00:18:20 | 005,008,349 | ---- | C] () -- C:\Users\Derek\Documents\Bobby Brackins feat Ray J - 143 - HotNewHipHop.com(1).mp3

[2010/10/02 00:18:20 | 004,946,643 | ---- | C] () -- C:\Users\Derek\Documents\Black Eyed Peas - I Gotta Feeling(1).mp3

[2010/10/02 00:18:20 | 004,876,228 | ---- | C] () -- C:\Users\Derek\Documents\Roscoe Dash Ft. Soulja Boy- All The Way Turnt Up - Hiphopearly.com.mp3

[2010/10/02 00:18:20 | 004,547,951 | ---- | C] () -- C:\Users\Derek\Documents\DJ Khaled _ft. Ludacris_ Snoop Dogg_ Rick Ross _ T-Pain_ - All I Do Is Win - CurrentHipHop.com.mp3

[2010/10/02 00:18:20 | 004,262,357 | ---- | C] () -- C:\Users\Derek\Documents\Travis McCoy (ft[1]. Bruno Mars) - Billionaire - CurrentHipHop.com.mp3

[2010/10/02 00:18:20 | 003,790,471 | ---- | C] () -- C:\Users\Derek\Documents\YG Pushaz - Heart Beat (New Music January 2010).mp3

[2010/10/02 00:18:20 | 003,625,840 | ---- | C] () -- C:\Users\Derek\Documents\Stereos - Throw Your Hands Up.mp3

[2010/10/02 00:18:20 | 002,935,618 | ---- | C] () -- C:\Users\Derek\Documents\B.O.B - Airplanes (feat. Hayley Williams).mp3

[2010/10/02 00:18:20 | 002,646,602 | ---- | C] () -- C:\Users\Derek\Documents\Shinedown - Second Chance.mp3

[2010/10/02 00:18:20 | 000,005,212 | ---- | C] () -- C:\Users\Derek\Documents\02. Pitbull - Shut It Down (feat. Akon) - Copy - Shortcut.lnk

[2010/10/02 00:18:19 | 009,463,410 | ---- | C] () -- C:\Users\Derek\Documents\Madonna Feat. Akon - Celebration (Prod. By David Guetta) (Remix) ( 2oo9 ) [ www.MzHipHop.com ](1).mp3

[2010/10/02 00:18:19 | 009,123,277 | ---- | C] () -- C:\Users\Derek\Documents\Dorrough- Get Big.mp3

[2010/10/02 00:18:19 | 008,997,451 | ---- | C] () -- C:\Users\Derek\Documents\Drake Feat. Trey Songz & Lil Wayne - Successful.mp3

[2010/10/02 00:18:19 | 007,334,203 | ---- | C] () -- C:\Users\Derek\Documents\IYAZ - Replay.mp3

[2010/10/02 00:18:19 | 006,288,000 | ---- | C] () -- C:\Users\Derek\Documents\Kevin Rudolf - I Made It (Cash Money Heroes) (feat Jay Sean, Birdman & Lil Wayne).mp3

[2010/10/02 00:18:19 | 005,718,971 | ---- | C] () -- C:\Users\Derek\Documents\Gorilla Zoe-Echo.mp3

[2010/10/02 00:18:19 | 005,280,791 | ---- | C] () -- C:\Users\Derek\Documents\Jason Derulo - Riding Solo.mp3

[2010/10/02 00:18:19 | 003,830,715 | ---- | C] () -- C:\Users\Derek\Documents\Maino Ft T-Pain - All of the Above.mp3

[2010/10/02 00:18:19 | 002,297,253 | ---- | C] () -- C:\Users\Derek\Documents\New Boyz - Tie Me Down.mp3

[2010/09/16 01:11:19 | 000,004,608 | ---- | C] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/08 16:23:06 | 426,554,195 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/08/17 20:13:02 | 000,011,429 | ---- | C] () -- C:\Users\Derek\Documents\Internship.docx

[2010/08/14 13:41:57 | 000,001,865 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

[2010/08/14 13:40:53 | 000,001,919 | ---- | C] () -- C:\Users\Derek\Desktop\LimeWire 5.5.13.lnk

[2010/08/13 21:52:27 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/08 19:51:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/08/07 13:56:07 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/08/07 13:56:00 | 065,970,613 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/08/07 13:56:00 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/08/07 11:31:20 | 000,002,645 | ---- | C] () -- C:\Users\Derek\Desktop\Microsoft Office PowerPoint 2007.lnk

[2010/08/07 11:31:08 | 000,002,693 | ---- | C] () -- C:\Users\Derek\Desktop\Microsoft Office Word 2007.lnk

[2010/08/05 21:46:44 | 000,000,000 | -H-- | C] () -- C:\Users\Derek\Documents\Default.rdp

[2010/08/03 21:46:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/08/03 15:20:54 | 000,001,439 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/08/03 15:09:04 | 000,001,980 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2010/08/03 15:04:34 | 001,310,720 | -HS- | C] () -- C:\Users\Derek\NTUSER.DAT

[2010/08/03 15:04:34 | 000,524,288 | -HS- | C] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/08/03 15:04:34 | 000,524,288 | -HS- | C] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/08/03 15:04:34 | 000,262,144 | -HS- | C] () -- C:\Users\Derek\ntuser.dat.LOG1

[2010/08/03 15:04:34 | 000,065,536 | -HS- | C] () -- C:\Users\Derek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/08/03 15:04:34 | 000,000,290 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2010/08/03 15:04:34 | 000,000,272 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2010/08/03 15:04:34 | 000,000,020 | -HS- | C] () -- C:\Users\Derek\ntuser.ini

[2010/08/03 15:04:34 | 000,000,000 | -HS- | C] () -- C:\Users\Derek\ntuser.dat.LOG2

[2010/07/26 17:58:13 | 000,004,854 | RH-- | C] () -- C:\dell.sdr

[2010/07/26 17:49:08 | 002,805,511 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa

[2010/07/26 17:49:08 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/07/26 17:49:08 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin

[2010/07/26 17:49:08 | 000,059,638 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp

[2010/07/26 17:49:08 | 000,059,372 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp

[2010/07/26 17:49:08 | 000,058,209 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp

[2010/07/26 17:49:08 | 000,004,464 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp

[2010/07/26 17:49:08 | 000,001,073 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp

[2010/07/26 17:49:07 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2010/07/26 17:49:07 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin

[2010/07/26 17:49:07 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/07/26 17:49:07 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin

[2010/07/26 17:49:05 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/07/26 17:49:05 | 000,433,024 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin

[2010/07/26 17:48:33 | 000,004,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\1028_Dell_INS_1545.mrk

[2010/07/26 17:48:33 | 000,004,854 | ---- | C] () -- C:\Windows\SysNative\drivers\1028_Dell_INS_1545.mrk

[2010/07/26 17:04:04 | 000,899,942 | ---- | C] () -- C:\Windows\SysNative\oem4.inf

[2010/07/26 17:04:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf

[2010/07/26 17:01:50 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys

[2010/07/26 15:40:32 | 001,018,442 | ---- | C] () -- C:\Windows\SysNative\chklogo6.wtl

[2010/07/26 15:27:26 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2010/07/26 15:26:40 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.bmp

[2010/07/26 15:26:40 | 000,024,995 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.jpg

[2010/07/26 15:15:43 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/07/26 15:12:50 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll

[2010/07/26 15:12:49 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\bcmwlrmt.dll

[2010/07/26 15:12:49 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat

[2010/07/26 15:12:48 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/10 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\GetRightToGo

[2010/10/11 13:19:07 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\LimeWire

[2009/07/14 00:08:49 | 000,009,876 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra.txt

OTL Extras logfile created on: 10/11/2010 2:06:50 PM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Derek\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 289.40 Gb Total Space | 256.48 Gb Free Space | 88.62% Space Free | Partition Type: NTFS

Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


Hi, your OTL log looks clean of active malware. Can you please let me know what issues you are still experiencing that point at infection? (RKU/GMER do not run on a 64-bit system, so that is nothing to worry about.)

Please open MBAM, look on the Logs tab and post me the log that shows the removed items.


Great! It's not displaying any problems right now, but I thought that it was just "too easy" lol so there had to be something more. Here is the log showing the infected files that were removed.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4792

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/10/2010 8:54:38 PM

mbam-log-2010-10-10 (20-54-38).txt

Scan type: Full scan (C:\|)

Objects scanned: 231464

Time elapsed: 26 minute(s), 36 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

C:\Program Files (x86)\AV8\av8.exe (Rogue.Antivirus8) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files (x86)\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files (x86)\AV8\av8.exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.


The advantage of a 64 bit system is that it doesn't get heavily infected usually. :(

P2P WARNING

-------------------

Going over your logs I noticed that you have LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


It is my 23 year old son's computer. I have repeatedly told him about the dangers of Limewire. He's only had it for two months too! So, maybe this will help him understand. After several attempts, it let me run the ESET Online Scanner. There were no threats found. So, I'm assuming it's all better now??

Once again, thank you very much for your help. I had a vicious rootkit bug on my desktop this summer and I'm pretty sure you were the one who talked me through fixing it. It was a bugger and took several days to fix but you were great!! :(


Yes, I already thought your username was looking familiar. :(

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools we used.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

