
Topic: Application cannot be executed. The file wuauclt.exe is infected.


jamesnterri

    Topic Starter


    Rookie

    My computer was fine yesterday.  I come home today and it has become infected.  I am getting popups saying "Application cannot be executed.  The file wuauclt.exe is infected.  Do you want to activate your antivirus software now?"  I am also getting bubble type popups saying the same thing, along with a few other related messages.  When I try to open up websites, I get redirected to various so-called antivirus suites.  I am, however, also getting random websites for *adult URL*, *censored*.com, *censored*.com, etc. popping up without doing anything.
    I tried to start troubleshooting the issue before posting, but I appear to be unable to open, install, run anything, including some of the tools that have been suggested in other threads such as SAS and Rkill.  I cannot open task manager or anything.  Pretty much every click of the mouse is met with the same message, except the name of the program I am trying to access is replacing the original wuauclt.exe.

    Please help!

    jamesnterri


      Re: Application cannot be executed. The file wuauclt.exe is infected.
      « Reply #1 on: August 04, 2010, 04:38:53 PM »
      The computer that is infected is running Vista.  I am posting from a netbook running XP.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      Re: Application cannot be executed. The file wuauclt.exe is infected.
      « Reply #2 on: August 04, 2010, 07:21:06 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      You will probably have to download the first program on a clean computer and transfer it to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.

      Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
      Save Rkill to your desktop.

      There are 4 different versions. If one of them won't run then download and try to run the other one.
       
      Vista and Win7 users need to right click Rkill and choose Run as Administrator
       

      You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

      * Rkill.exe
      * Rkill.com
      * Rkill.scr
      * Rkill.pif

      Once you've gotten one of them to run then try to immediately run the following.

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked
      * Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes
      * To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and Paste the log in your post.

      ======================================
      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      =====================================

      Please download: HiJackThis to your Desktop.
      • Double Click the HijackThis icon, located on your Desktop.
      • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      • Accept the license agreement.
      • Click the Open the Misc Tools section button.
      • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
      • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
      • Please post the log in your next reply.
      ===============================

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's

      jamesnterri


        Re: Application cannot be executed. The file wuauclt.exe is infected.
        « Reply #3 on: August 05, 2010, 05:07:04 PM »
        Okay, my computer was/is so badly infected I couldn't get any of the programs suggested to run initially.  I was able to boot up in safe mode and run the command line version of AVG.  The report for that scan is as follows:

        AVG 9.0 Anti-Virus command line scanner
        Copyright (c) 1992 - 2010 AVG Technologies
        Program version 9.0.832, engine 9.0.846
        Virus Database: Version 271.1.1/3051  2010-08-04

        C:\boot\BCD Locked file. Not tested.
        C:\boot\BCD.LOG Locked file. Not tested.
        C:\Documents and Settings\ Locked file. Not tested.
        C:\pagefile.sys Locked file. Not tested.
        C:\ProgramData\avg9\Log\f9b1e07c-a0fb-4642-a898-14ad298dc90d Locked file. Not tested.
        C:\ProgramData\Desktop\ Locked file. Not tested.
        C:\ProgramData\Documents\ Locked file. Not tested.
        C:\ProgramData\Favorites\ Locked file. Not tested.
        C:\ProgramData\Templates\ Locked file. Not tested.
        C:\System Volume Information\ Locked file. Not tested.
        C:\Users\Anna\AppData\Local\History\ Locked file. Not tested.
        C:\settingsxx.exe\settingsxx.exe Trojan horse SHeur3.AQKO Object was moved to Virus Vault.
        C:\Users\Anna\Documents\My Music\ Locked file. Not tested.
        C:\Users\Anna\Documents\My Pictures\ Locked file. Not tested.
        C:\Users\Anna\Documents\My Videos\ Locked file. Not tested.
        C:\Users\Anna\NetHood\ Locked file. Not tested.
        C:\Users\Anna\PrintHood\ Locked file. Not tested.
        C:\Users\Anna\Templates\ Locked file. Not tested.
        C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
        C:\Users\Default\Documents\My Music\ Locked file. Not tested.
        C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
        C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
        C:\Users\Default\NetHood\ Locked file. Not tested.
        C:\Users\Default\PrintHood\ Locked file. Not tested.
        C:\Users\Default\Recent\ Locked file. Not tested.
        C:\Users\Default\Templates\ Locked file. Not tested.
        C:\Users\James\AppData\Local\History\ Locked file. Not tested.
        C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\360ZJ0K5\jaucnvc[2].htm Trojan horse SHeur3.AQKO Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JJBWJGL\sjnvpnidk[1].htm Trojan horse Cryptic.ASR Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGJ4T1ND\imhbjepxrz[1].htm Trojan horse Cryptic.ASR Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGJ4T1ND\jaucnvc[1].htm Trojan horse SHeur3.AQKO Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EE3Y4GGB\bsvqbwql[1].htm Trojan horse Hiloti.BA.dropper Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
        C:\Users\James\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
        C:\Users\James\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
        C:\Users\James\AppData\Local\sacobkre.dll Trojan horse Hiloti.BA Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Temp\eomxancswr.exe Trojan horse SHeur3.AQKV Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Temp\otnnhn.exe Trojan horse Cryptic.ASR Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Temp\qgldko.exe Trojan horse Hiloti.BA.dropper Object was moved to Virus Vault.
        C:\Users\James\AppData\Local\Temp\xomwsceran.exe Trojan horse Dropper.Generic2.AHOM Object was moved to Virus Vault.
        C:\Users\James\Documents\My Music\ Locked file. Not tested.
        C:\Users\James\Documents\My Pictures\ Locked file. Not tested.
        C:\Users\James\Documents\My Videos\ Locked file. Not tested.
        C:\Users\James\NetHood\ Locked file. Not tested.
        C:\Users\James\NTUSER.DAT Locked file. Not tested.
        C:\Users\James\ntuser.dat.LOG1 Locked file. Not tested.
        C:\Users\James\ntuser.dat.LOG2 Locked file. Not tested.
        C:\Users\James\PrintHood\ Locked file. Not tested.
        C:\Users\James\Templates\ Locked file. Not tested.
        C:\Users\Public\Documents\My Music\ Locked file. Not tested.
        C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
        C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
        C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
        C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
        C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
        C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
        C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
        C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
        C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
        C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
        C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
        C:\Windows\System32\config\COMPONENTS Locked file. Not tested.
        C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
        C:\Windows\System32\config\DEFAULT Locked file. Not tested.
        C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
        C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
        C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
        C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
        C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
        C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
        C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
        C:\Windows\System32\config\SAM Locked file. Not tested.
        C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
        C:\Windows\System32\config\SECURITY Locked file. Not tested.
        C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
        C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
        C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
        C:\Windows\System32\config\SYSTEM Locked file. Not tested.
        C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
        C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
        C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
        D:\System Volume Information\ Locked file. Not tested.

        ------------------------------------------------------------
        Objects scanned     : 948872
        Found infections    :   11
        Found PUPs          :    0
        Healed infections   :   11
        Healed PUPs         :    0
        Warnings            :    0
        -------------------------------------------------------------


        After this, I was finally able to log in normally and run rkill.  The report is as follows:

        This log file is located at C:\rkill.log.
        Please post this only if requested to by the person helping you.
        Otherwise you can close this log when you wish.
        Ran as James on 08/04/2010 at 21:48:17.


        Processes terminated by Rkill or while it was running:


        C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
        C:\Users\James\AppData\Local\kcfrgvyos\wjqeobetssd.exe
        C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
        C:\Users\James\Desktop\spyware removal crap\rkill.exe


        Rkill completed on 08/04/2010  at 21:48:22.


        Then I ran SuperAntiSpyware.  Log file is as follows:

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 08/04/2010 at 11:30 PM

        Application Version : 4.41.1000

        Core Rules Database Version : 5317
        Trace Rules Database Version: 3129

        Scan type       : Complete Scan
        Total Scan Time : 01:32:35

        Memory items scanned      : 550
        Memory threats detected   : 0
        Registry items scanned    : 13551
        Registry threats detected : 2
        File items scanned        : 182188
        File threats detected     : 645

        Rogue.Agent/Gen-FraudTool
           (x86) [hbvjhtxu] C:\USERS\JAMES\APPDATA\LOCAL\SNBSGSJKU\WLMEVGSTSSD.EXE
           C:\USERS\JAMES\APPDATA\LOCAL\SNBSGSJKU\WLMEVGSTSSD.EXE
           (x86) [omrdnvua] C:\USERS\JAMES\APPDATA\LOCAL\KCFRGVYOS\WJQEOBETSSD.EXE
           C:\USERS\JAMES\APPDATA\LOCAL\KCFRGVYOS\WJQEOBETSSD.EXE

        Adware.Tracking Cookie
           .lucidmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lucidmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lucidmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lucidmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lucidmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .soundclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .soundclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .soundclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ad.doubleclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ad.doubleclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .xm.xtendmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .onlinetrafficstats.in [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .onlinetrafficstats.in [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .onlinetrafficstats.in [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .onlinetrafficstats.in [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           f.w.i.cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.xtendmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.xtendmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.xtendmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .smartadserver.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .smartadserver.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .smartadserver.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           *Blocked Russian URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           rotator.adjuggler.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adlegend.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adlegend.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.adfluxmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.adfluxmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.adfluxmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           f.u.i.cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           f.m.i.cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           banner.adchemy.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           banner.adchemy.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           banner.adchemy.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           f.n.i.cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .bannertgt.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .bannertgt.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .bannertgt.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .overture.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .server.cpmstar.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .server.cpmstar.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           metroleap.rotator.hadj7.adjuggler.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           googleads.g.doubleclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           srv.clickfuse.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .msnportal.112.2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .overture.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .overture.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediaforge.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .www.burstnet.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           oasc12.247realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.burstbeacon.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           statse.webtrendslive.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           in.getclicky.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.googleadservices.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.googleadservices.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .legolas-media.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adecn.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .yieldmanager.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .find.galegroup.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .find.galegroup.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .find.galegroup.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .usnews.122.2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kontera.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kontera.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tribalfusion.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.burstnet.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .statcounter.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www5.addfreestats.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .statcounter.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .coffeecountyschools.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .coffeecountyschools.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .at.atwola.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .at.atwola.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           pixel.invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn1.trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn1.trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           optimize.indieclick.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .oasn04.247realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .trafficmp.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .oasn04.247realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .oasn04.247realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stat.onestat.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stat.onestat.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .andomedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .statcounter.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .qnsr.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .qnsr.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .qnsr.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .content.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediaplex.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .viacom.adbureau.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .network.realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .questionmarket.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .questionmarket.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .bs.serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .serving-sys.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           dc.tremormedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .burstnet.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           rotator.adjuggler.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .myroitracking.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           u.p.j.cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cltomedia.info [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           citi.bridgetrack.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           citi.bridgetrack.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           citi.bridgetrack.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           citi.bridgetrack.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           network.realmedia.com [ C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           asset2.countrylife.joyeurs.com [ C:\Users\James\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M8PXHNH5 ]

        jamesnterri

          Topic Starter


          Rookie

          Re: Application cannot be executed. The file wuauclt.exe is infected.
          « Reply #4 on: August 05, 2010, 05:22:55 PM »
          Rogue.SecurityTool
             C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
             C:\Users\James\Start Menu\Programs\Security Tool.lnk

          Trojan.Agent/Gen-Exploit
             C:\PROGRAMDATA\UPDATE\SEUPD.EXE
             C:\USERS\JAMES\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8JJBWJGL\JJELG[2].HTM
             C:\USERS\JAMES\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EE3Y4GGB\JJELG[1].HTM
             C:\USERS\JAMES\APPDATA\LOCAL\TEMP\UMQKPF.EXE

          Rogue.AntiMalwareDoctor
             C:\USERS\JAMES\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\JAMES\APPDATA\ROAMING\147BEF124516E189E129D48920728912\NEWRELEASEVERSION70700.EXE


          I then ran MBAM.  The log is as follows:

          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4395

          Windows 6.0.6001 Service Pack 1
          Internet Explorer 7.0.6001.18000

          8/5/2010 5:45:57 PM
          mbam-log-2010-08-05 (17-45-57).txt

          Scan type: Full scan (C:\|D:\|)
          Objects scanned: 309782
          Time elapsed: 49 minute(s), 11 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 1
          Registry Values Infected: 1
          Registry Data Items Infected: 0
          Folders Infected: 1
          Files Infected: 6

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lxolujecazuwipiq (Trojan.Agent.U) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\360ZJ0K5\cgxvqksq[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
          C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JJBWJGL\aaidkfmhfa[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JJBWJGL\cgxvqksq[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
          C:\Users\James\AppData\Local\Temp\pmqtt.exe (Adware.BHO) -> Quarantined and deleted successfully.
          C:\Users\James\AppData\Local\Temp\ukdoi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.

          jamesnterri

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file wuauclt.exe is infected.
            « Reply #5 on: August 05, 2010, 05:25:19 PM »
            Following that I ran HijackThis.  Logs are as follows:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 5:55:33 PM, on 8/5/2010
            Platform: Windows Vista SP1 (WinNT 6.00.1905)
            MSIE: Internet Explorer v7.00 (7.00.6001.18470)
            Boot mode: Normal

            Running processes:
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files (x86)\DELL\OSD\AIO_OSD.exe
            C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
            C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
            C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
            C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
            C:\Program Files (x86)\Java\jre6\bin\jusched.exe
            C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
            C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            C:\Program Files (x86)\iTunes\iTunesHelper.exe
            C:\Program Files (x86)\AVG\AVG9\avgtray.exe
            C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
            C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O1 - Hosts: ::1 localhost
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 DC1E56092CC57FB4605B088D3DCCBF7A)
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (filesize 1619296 bytes, MD5 9709500432501607C7DD32B9F2B07E1F)
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (filesize 138608 bytes, MD5 09F3D779638216DBB6B8D4C1075D6A8F)
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL (filesize 2210608 bytes, MD5 786DD1892B553EFE5A004AC39775C851)
            O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 403840 bytes, MD5 D46ED7D33E847CD9E78E9F02910536B5)
            O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (filesize 206088 bytes, MD5 7F053719146602A00350F8F2F69523F4)
            O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (filesize 506720 bytes, MD5 42304A5C69A78FEF990D94D40B26D02F)
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 C9EDE29F223A27873E187D9FB6045EA6)
            O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1067352 bytes, MD5 4DC993F947CA0E46DAF3260D78BC9A60)
            O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (filesize 542016 bytes, MD5 4A8A49921534B030B27F16FC68FBA1DC)
            O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1067352 bytes, MD5 4DC993F947CA0E46DAF3260D78BC9A60)
            O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (filesize 506720 bytes, MD5 42304A5C69A78FEF990D94D40B26D02F)
            O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m (filesize 1779952 bytes, MD5 4CD6180CB65630F9D8028E9CF51CD64F)
            O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exec:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
            O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (filesize 288080 bytes, MD5 F8B91C91225E5CAA2B2F0370201021C0)
            O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (filesize 128232 bytes, MD5 BE4C00E9BF06C136A1F63856BB7AAC5E)
            O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (filesize 206064 bytes, MD5 00D1FB0073B4A8BD2989EA8FF4CC792B)
            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (filesize 31016 bytes, MD5 38D198A2DD54A67120040566A38103BA)
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (filesize 149280 bytes, MD5 3A0647BDED81DBE0BCBB51D70B22C9E0)
            O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" (filesize 240992 bytes, MD5 C4D71A917D9219C5AC69D9FF0BBAB7C8)
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exeC:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (filesize 421888 bytes, MD5 ED7A6D40B20DC34BE06F4AE196AE7D50)
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (filesize 35760 bytes, MD5 466CE40EAA865752F4930A472563E4E1)
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 948672 bytes, MD5 73BB442A717B9BB0097C243374C14A3E)
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (filesize 141624 bytes, MD5 0E284B5BB0CDD631461CE7E91DCEE3E2)
            O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exeC:\PROGRA~2\AVG\AVG9\avgtray.exe
            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1555968 bytes, MD5 5213EB5405A886A9B4FED6724C392C07)
            O4 - HKCU\..\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c (filesize 136176 bytes, MD5 F02A533F517EB38333CB12A9E8963773)
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
            O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') (filesize 1320288 bytes, MD5 87AD1837D7826ECB5A33F1890BD48849)
            O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (filesize 1320288 bytes, MD5 87AD1837D7826ECB5A33F1890BD48849)
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (filesize 214360 bytes, MD5 D9335549EAE48B14FB66EFCB6FFAE736)
            O4 - Global Startup: OSD Utility.lnk = ?
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 187224 bytes, MD5 19737BD6606A96AB311BBC87659626AC)
            O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 187224 bytes, MD5 19737BD6606A96AB311BBC87659626AC)
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (filesize 604000 bytes, MD5 80C412B3E7304FE87C9CDB1836F0160A)
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (filesize 604000 bytes, MD5 80C412B3E7304FE87C9CDB1836F0160A)
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
            O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (filesize 542016 bytes, MD5 4A8A49921534B030B27F16FC68FBA1DC)
            O13 - Gopher Prefix:
            O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi for Dell\CoziProtocolHandler.dll (filesize 136488 bytes, MD5 A2ECBEA25546A51A30461935D0B73ED1)
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL (filesize 222512 bytes, MD5 BD25E3537B54C1BFF40335992B3686FD)
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (filesize 91488 bytes, MD5 3D9895B981AFAC3CE2ABE9C0A63D949A)
            O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dllc:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
            O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
            O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
            O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exe
            O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
            O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exeC:\Program Files\Dell\DellDock\DockLogin.exe
            O23 - Service: FAService - Sensible Vision  - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exec:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
            O23 - Service: Dell OSD Service (FOXOSDService) - Unknown owner - C:\Program Files (x86)\DELL\OSD\OSDSvr.exeC:\Program Files (x86)\DELL\OSD\OSDSvr.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
            O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
            O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
            O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
            O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
            O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
            O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exeC:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
            O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exeC:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
            O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
            O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
            O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
            O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
            O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

            --
            End of file - 15070 bytes


            And finally ran Security Check:

             Results of screen317's Security Check version 0.99.5 
             Windows Vista  (UAC is enabled)
             Out of date service pack!![/b]
             Internet Explorer 7 Out of date!
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             AVG Free 9.0   
             WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             HijackThis 2.0.2   
             Java(TM) 6 Update 17 
             Out of date Java installed!
             Adobe Flash Player 10.1.53.64 
            Adobe Reader 9.3
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             AVG avgwdsvc.exe
             AVG avgtray.exe
            ````````````````````````````````
            DNS Vulnerability Check:

             GREAT! (Not vulnerable to DNS cache poisoning)

            ``````````End of Log````````````

            SuperDave

            Re: Application cannot be executed. The file wuauclt.exe is infected.
            « Reply #6 on: August 06, 2010, 05:08:06 PM »
            Good work on getting the computer to boot normally.

            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            ==================================

            64-bit computers severely limit the number of tools I can use to get it cleaned. Sorry, but I'll try.

            Download OTL to your Desktop
            • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
            • Under the Custom Scan box paste this in
            netsvcs
            msconfig
            safebootminimal
            safebootnetwork
            activex
            drivers32
            %SYSTEMDRIVE%\*.exe
            %systemroot%\*. /mp /s
            c:\$recycle.bin\*.* /s
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            nvstor32.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            eNetHook.dll
            explorer.exe
            svchost.exe
            userinit.exe
            qmgr.dll
            ws2_32.dll
            proquota.exe
            imm32.dll
            kernel32.dll
            ndis.sys
            autochk.exe
            spoolsv.exe
            xmlprov.dll
            ntmssvc.dll
            mswsock.dll
            Beep.SYS
            ntfs.sys
            termsrv.dll
            sfcfiles.dll
            st3shark.sys
            ahcix86.sys
            srsvc.dll
            nvrd32.sys
            /md5stop
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles

            • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
              • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
              • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
            =======================================

            I'm not sure if this will run on your computer but please give it a try.

            Please download 7-Zip and install it. If you already have it, no need to reinstall.

            Then, download RootkitUnhooker and save the setup to your Desktop.

            • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
            • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
            • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
            • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
            • Once inside the interface, do not fix anything. Click on the Report tab.
            • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
            • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
            • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

            Windows 8 and Windows 10 dual boot with two SSD's
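The entry classes selected for fixing in Reply #6 (a per-user proxy pointing at loopback, BHOs with no file behind their CLSID, blank IE values) can be picked out of a log mechanically. This is an added example, not part of the original thread and not code from HijackThis or OTL; the sample lines are copied from the logs posted in this thread, and the function and finding names are hypothetical.

```python
import re

# Sample lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O1 - Hosts: 127.0.0.1       localhost
"""

# HijackThis R0/R1 lines: "R1 - <key>,<value name> = <data>"
REG_VALUE = re.compile(r"^R[01]\s*-\s*(?P<key>.+?)\s*=\s*(?P<value>.*)$")

# BHO lines in both HijackThis ("O2 - BHO:") and OTL ("O2:64bit: - BHO:") form.
BHO = re.compile(
    r"^O2(?::64bit:)?\s*-\s*BHO:\s*\((?P<name>[^)]*)\)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.*)$"
)

# Markers the two tools print when a BHO CLSID has nothing behind it.
ORPHAN = re.compile(r"\(no file\)|No CLSID value found", re.I)

# OTL prints the proxy switch as: ... Internet Settings: "ProxyEnable" = 1
PROXY_ENABLE = re.compile(r'"ProxyEnable"\s*=\s*1\s*$', re.I)


def loopback_proxies(value):
    """Return proxy endpoints in a ProxyServer value that point at this host.

    The value may be "host:port" or a ";"-separated list of "scheme=host:port".
    """
    hits = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()      # drop "http=" style prefix
        endpoint = re.sub(r"^\w+://", "", endpoint)    # drop "http://" if present
        host = endpoint.rsplit(":", 1)[0].lower() if ":" in endpoint else endpoint.lower()
        if host == "localhost" or host.startswith("127."):
            hits.append(endpoint)
    return hits


def triage(log_text):
    """Return (kind, detail) findings for the entry classes fixed in Reply #6."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = REG_VALUE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if key.lower().endswith("proxyserver"):
                for endpoint in loopback_proxies(value):
                    findings.append(("proxy-loopback", endpoint))
            elif value == "":
                findings.append(("blank-ie-value", key.rsplit(",", 1)[-1]))
            continue

        m = BHO.match(line)
        if m:
            if ORPHAN.search(m.group("target")):
                findings.append(("orphan-bho", m.group("clsid").upper()))
            continue

        if PROXY_ENABLE.search(line):
            findings.append(("proxy-enabled", "ProxyEnable = 1"))

        # O23 "(file missing)" is deliberately not a finding: 32-bit HijackThis
        # on 64-bit Windows is redirected away from the real System32, so it
        # reports files such as lsass.exe as missing when they are present.
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```
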

            jamesnterri


              Re: Application cannot be executed. The file wuauclt.exe is infected.
              « Reply #7 on: August 07, 2010, 08:55:02 AM »
              Ran HijackThis and fixed checked.

              Here is the OTL log:

              OTL logfile created on: 8/7/2010 9:05:35 AM - Run 1
              OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\James\Desktop\spyware removal crap
              64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
              Internet Explorer (Version = 7.0.6001.18000)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
              4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
              Paging file location(s): ?:\pagefile.sys [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
              Drive C: | 283.40 Gb Total Space | 194.84 Gb Free Space | 68.75% Space Free | Partition Type: NTFS
              Drive D: | 14.65 Gb Total Space | 13.58 Gb Free Space | 92.71% Space Free | Partition Type: NTFS
              E: Drive not present or media not loaded
              F: Drive not present or media not loaded
              G: Drive not present or media not loaded
              H: Drive not present or media not loaded
              I: Drive not present or media not loaded
               
              Computer Name: JAMES-APT
              Current User Name: James
              Logged in as Administrator.
               
              Current Boot Mode: Normal
              Scan Mode: Current user
              Include 64bit Scans
              Company Name Whitelist: On
              Skip Microsoft Files: On
              File Age = 90 Days
              Output = Standard
              Quick Scan
               
              ========== Processes (SafeList) ==========
               
              PRC - [2010/08/07 09:02:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\spyware removal crap\OTL.exe
              PRC - [2010/08/04 18:37:17 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
              PRC - [2010/08/04 18:37:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
              PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
              PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              PRC - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
              PRC - [2009/06/24 16:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
              PRC - [2009/06/24 16:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
              PRC - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
              PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
              PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
              PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
              PRC - [2009/01/08 15:00:44 | 000,516,096 | ---- | M] (Dell Corporation) -- C:\Program Files (x86)\DELL\OSD\AIO_OSD.exe
              PRC - [2008/12/22 15:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\DELL\OSD\OSDSvr.exe
              PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
               
               
              ========== Modules (SafeList) ==========
               
              MOD - [2010/08/07 09:02:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\spyware removal crap\OTL.exe
              MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
              MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
               
               
              ========== Win32 Services (SafeList) ==========
               
              SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
              SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
              SRV:64bit: - [2009/01/06 13:15:56 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
              SRV:64bit: - [2008/12/21 13:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
              SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
              SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
              SRV - [2010/08/04 18:37:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
              SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
              SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
              SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
              SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
              SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
              SRV - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
              SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
              SRV - [2008/12/22 15:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DELL\OSD\OSDSvr.exe -- (FOXOSDService)
              SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
               
               
              ========== Driver Services (SafeList) ==========
               
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
              DRV:64bit: - [2010/08/04 18:37:17 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
              DRV:64bit: - [2010/08/04 18:37:15 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
              DRV:64bit: - [2010/08/04 18:37:07 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
              DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
              DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
              DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
              DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
              DRV:64bit: - [2009/03/12 11:47:46 | 000,172,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
              DRV:64bit: - [2009/01/06 14:03:50 | 000,028,192 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi)
              DRV:64bit: - [2009/01/06 13:25:52 | 000,252,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
              DRV:64bit: - [2008/12/21 13:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
              DRV:64bit: - [2008/12/16 11:56:52 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
              DRV:64bit: - [2008/11/28 09:31:02 | 000,015,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\FxOSDdrv64.sys -- (FXOSDDRV)
              DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
              DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
              DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
              DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
              DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
              DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
               
              ========== Standard Registry (SafeList) ==========
               
               
              ========== Internet Explorer ==========
               
              IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
               
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
               
              FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/03/28 19:45:26 | 000,000,000 | ---D | M]
               
               
              O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
              O1 - Hosts: 127.0.0.1       localhost
              O1 - Hosts: ::1             localhost
              O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
              O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
              O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
              O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
              O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
              O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
              O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
              O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
              O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
              O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
              O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
              O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
              O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
              O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
              O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
              O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
              O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
              O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
              O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
              O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
              O4 - HKLM..\Run: [FAStartup]  File not found
              O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
              O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
              O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
              O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
              O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
              O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
              O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
              O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
              O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
              O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
              O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
              O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
              O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
              O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
              O13 - gopher Prefix: missing
              O13 - gopher Prefix: missing
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
              O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
              O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
              O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.159.64.20 24.176.125.6
              O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
              O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
              O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi for Dell\CoziProtocolHandler.dll (Cozi Group, Inc.)
              O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
              O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
              O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
              O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
              O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
              O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
              O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
              O20 - Winlogon\Notify\FastAccess: DllName - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
              O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
              O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
              O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
              O32 - HKLM CDRom: AutoRun - 1
              O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\AutoRun\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found
              O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\open\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found
              O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
              O35:64bit: - HKLM\..comfile [open] -- "%1" %*
              O35:64bit: - HKLM\..exefile [open] -- "%1" %*
              O35 - HKLM\..comfile [open] -- "%1" %*
              O35 - HKLM\..exefile [open] -- "%1" %*
              O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
              O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
              O37 - HKLM\...com [@ = comfile] -- "%1" %*
              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
               
               
               
              SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
              SafeBootMin:64bit: AppMgmt - Service
              SafeBootMin:64bit: Base - Driver Group
              SafeBootMin:64bit: Boot Bus Extender - Driver Group
              SafeBootMin:64bit: Boot file system - Driver Group
              SafeBootMin:64bit: File system - Driver Group
              SafeBootMin:64bit: Filter - Driver Group
              SafeBootMin:64bit: HelpSvc - Service
              SafeBootMin:64bit: PCI Configuration - Driver Group
              SafeBootMin:64bit: PNP Filter - Driver Group
              SafeBootMin:64bit: Primary disk - Driver Group
              SafeBootMin:64bit: sacsvr - Service
              SafeBootMin:64bit: SCSI Class - Driver Group
              SafeBootMin:64bit: System Bus Extender - Driver Group
              SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
              SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
              SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
              SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
              SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
              SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
              SafeBootMin: AppMgmt - Service
              SafeBootMin: Base - Driver Group
              SafeBootMin: Boot Bus Extender - Driver Group
              SafeBootMin: Boot file system - Driver Group
              SafeBootMin: File system - Driver Group
              SafeBootMin: Filter - Driver Group
              SafeBootMin: HelpSvc - Service
              SafeBootMin: PCI Configuration - Driver Group
              SafeBootMin: PNP Filter - Driver Group
              SafeBootMin: Primary disk - Driver Group
              SafeBootMin: sacsvr - Service
              SafeBootMin: SCSI Class - Driver Group
              SafeBootMin: System Bus Extender - Driver Group
              SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
              SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
              SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
              SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
              SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
               
              SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
              SafeBootNet:64bit: AppMgmt - Service
              SafeBootNet:64bit: Base - Driver Group
              SafeBootNet:64bit: Boot Bus Extender - Driver Group
              SafeBootNet:64bit: Boot file system - Driver Group
              SafeBootNet:64bit: File system - Driver Group
              SafeBootNet:64bit: Filter - Driver Group
              SafeBootNet:64bit: HelpSvc - Service
              SafeBootNet:64bit: Messenger - Service
              SafeBootNet:64bit: NDIS Wrapper - Driver Group
              SafeBootNet:64bit: NetBIOSGroup - Driver Group
              SafeBootNet:64bit: NetDDEGroup - Driver Group
              SafeBootNet:64bit: Network - Driver Group
              SafeBootNet:64bit: NetworkProvider - Driver Group
              SafeBootNet:64bit: PCI Configuration - Driver Group
              SafeBootNet:64bit: PNP Filter - Driver Group
              SafeBootNet:64bit: PNP_TDI - Driver Group
              SafeBootNet:64bit: Primary disk - Driver Group
              SafeBootNet:64bit: rdsessmgr - Service
              SafeBootNet:64bit: sacsvr - Service
              SafeBootNet:64bit: SCSI Class - Driver Group
              SafeBootNet:64bit: Streams Drivers - Driver Group
              SafeBootNet:64bit: System Bus Extender - Driver Group
              SafeBootNet:64bit: TDI - Driver Group
              SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
              SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
              SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
              SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
              SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
              SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
              SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
              SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
              SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
              SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
              SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
              SafeBootNet: AppMgmt - Service
              SafeBootNet: Base - Driver Group
              SafeBootNet: Boot Bus Extender - Driver Group
              SafeBootNet: Boot file system - Driver Group
              SafeBootNet: File system - Driver Group
              SafeBootNet: Filter - Driver Group
              SafeBootNet: HelpSvc - Service
              SafeBootNet: Messenger - Service
              SafeBootNet: NDIS Wrapper - Driver Group
              SafeBootNet: NetBIOSGroup - Driver Group
              SafeBootNet: NetDDEGroup - Driver Group
              SafeBootNet: Network - Driver Group
              SafeBootNet: NetworkProvider - Driver Group
              SafeBootNet: PCI Configuration - Driver Group
              SafeBootNet: PNP Filter - Driver Group
              SafeBootNet: PNP_TDI - Driver Group
              SafeBootNet: Primary disk - Driver Group
              SafeBootNet: rdsessmgr - Service
              SafeBootNet: sacsvr - Service
              SafeBootNet: SCSI Class - Driver Group
              SafeBootNet: Streams Drivers - Driver Group
              SafeBootNet: System Bus Extender - Driver Group
              SafeBootNet: TDI - Driver Group
              SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
              SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
              SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
              SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
              SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
              SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
              SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
              SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
              SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
              SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
               
              ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
              ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
              ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
              ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
              ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
              ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
              ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
              ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
              ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
              ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
              ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
              ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
              ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
              ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
              ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
              ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
              ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
              ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
              ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
              ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
              ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
              ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
              ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
              ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
              ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
              ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
              ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
              ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
              ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
              ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
              ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
              ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
              ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
              ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
              ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
              ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
              ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
              ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
              ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
              ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
              ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
              ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
              ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
              ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
              ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
              ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
              ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
              ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
              ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
              ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
              ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
              ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
              ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
              ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
               
              Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
              Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
              Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
               
              ========== Files/Folders - Created Within 90 Days ==========
               
              [2010/08/05 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
              [2010/08/05 16:49:32 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
              [2010/08/05 16:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
              [2010/08/05 16:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
              [2010/08/05 16:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
              [2010/08/04 20:55:56 | 000,000,000 | -H-D | C] -- C:\$AVG
              [2010/08/04 18:24:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
              [2010/08/04 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
              [2010/08/04 18:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
              [2010/08/04 18:15:13 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\spyware removal crap
              [2010/08/04 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
              [2010/08/04 18:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
              [2010/08/04 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
              [2010/08/04 18:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
              [2010/08/04 15:57:26 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\kcfrgvyos
              [2010/08/04 15:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
              [2010/08/04 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\snbsgsjku
              [2010/08/04 15:53:25 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Acoustica
              [2010/08/04 15:53:22 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\SysWow64\Wnaspint.dll
              [2010/08/04 15:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
              [2010/07/29 14:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
              [2010/07/29 03:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
              [2010/07/28 21:55:53 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\BleedingCowboys[1]
              [2010/07/28 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Avery
              [2010/07/28 20:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avery Dennison
              [2010/07/28 20:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
              [2010/07/14 16:18:06 | 000,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\SysWow64\NI_IRC_1_1.dll
              [2010/07/14 16:18:06 | 000,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\SysWow64\NI_IRC_1_0_3.dll
              [2010/07/14 16:18:06 | 000,061,440 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\SysWow64\NI_DFD_1_4.dll
              [2010/07/14 16:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
              [2010/07/14 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale GPO 2.0
              [2010/07/14 16:14:39 | 000,000,000 | ---D | C] -- C:\Psfonts
              [2010/07/14 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My SmartMusic
              [2010/07/14 16:13:55 | 000,000,000 | ---D | C] -- C:\My Documents
              [2010/07/14 16:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic
              [2010/07/14 16:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartMusic 9
              [2010/07/14 16:13:36 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
              [2010/07/14 16:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale 2007
              [2010/07/14 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\DCIM
              [2010/06/28 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
              [2010/06/28 13:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
              [2010/06/28 12:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
              [2010/06/28 12:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
              [2010/06/28 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
              [2010/06/14 20:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
              [2010/06/14 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\uTorrent
              [2010/06/13 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Google
              [2010/06/13 01:22:53 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Deployment
              [2010/06/13 01:22:53 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Apps
              [2010/05/21 04:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
              [2010/05/13 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Softball
               
              ========== Files - Modified Within 90 Days ==========
               
              [2010/08/07 09:05:38 | 001,835,008 | -HS- | M] () -- C:\Users\James\NTUSER.DAT
              [2010/08/07 09:01:59 | 063,040,759 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
              [2010/08/07 08:55:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
              [2010/08/07 08:55:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
              [2010/08/07 08:55:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
              [2010/08/07 08:55:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
              [2010/08/07 08:55:41 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys
              [2010/08/06 20:33:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623049184-4265544790-1677474580-1000UA.job
              [2010/08/06 18:19:33 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BB1E196-9927-458B-A486-233FEF568D24}.job
              [2010/08/06 14:33:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623049184-4265544790-1677474580-1000Core.job
              [2010/08/05 17:53:23 | 000,001,930 | ---- | M] () -- C:\Users\James\Desktop\HijackThis.lnk
              [2010/08/05 17:47:53 | 000,524,288 | -HS- | M] () -- C:\Users\James\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
              [2010/08/05 17:47:53 | 000,065,536 | -HS- | M] () -- C:\Users\James\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
              [2010/08/05 17:47:12 | 002,809,890 | -H-- | M] () -- C:\Users\James\AppData\Local\IconCache.db
              [2010/08/05 16:49:21 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
              [2010/08/04 20:28:41 | 000,000,680 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps.dat
              [2010/08/04 18:37:17 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
              [2010/08/04 18:37:15 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
              [2010/08/04 18:37:15 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
              [2010/08/04 18:37:07 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
              [2010/08/04 18:24:43 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
              [2010/08/04 18:24:43 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
              [2010/08/04 18:24:41 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
              [2010/08/04 18:24:41 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
              [2010/08/04 18:24:40 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
              [2010/08/04 18:09:26 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2010/08/04 18:07:02 | 000,020,257 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
              [2010/08/04 16:35:54 | 000,002,858 | ---- | M] () -- C:\Users\James\AppData\Local\ebujosif.dll
              [2010/08/04 16:00:54 | 000,002,858 | ---- | M] () -- C:\Users\James\AppData\Local\onuvoqulic.dll
              [2010/08/03 03:19:48 | 000,529,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
              [2010/08/02 20:21:47 | 000,011,522 | ---- | M] () -- C:\Users\James\Documents\personal finance summary.docx
              [2010/08/02 19:48:20 | 000,013,365 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 6 - Spanish 2.xlsx
              [2010/08/02 19:46:45 | 000,013,394 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 5 - Spanish 2.xlsx
              [2010/08/02 19:43:31 | 000,013,212 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 3 - Spanish 1 Honors.xlsx
              [2010/08/02 19:43:22 | 000,012,812 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 4 - Spanish 1 Honors.xlsx
              [2010/08/02 19:40:54 | 000,013,464 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 2 - Spanish 2.xlsx
              [2010/08/02 19:38:33 | 000,016,164 | ---- | M] () -- C:\Users\James\Documents\Roster -- Period 1 - Spanish 2.xlsx
              [2010/08/02 06:43:33 | 000,025,526 | ---- | M] () -- C:\Users\James\Documents\Marriage Paper.docx
              [2010/08/01 22:47:10 | 000,013,167 | ---- | M] () -- C:\Users\James\Documents\Marriage Paper Works Cited.docx
              [2010/08/01 22:00:27 | 000,014,865 | ---- | M] () -- C:\Users\James\Documents\CJAss8.docx
              [2010/08/01 09:53:19 | 000,013,824 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2010/08/01 09:47:47 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
              [2010/08/01 09:47:47 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
              [2010/08/01 09:47:47 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
              [2010/07/30 20:18:00 | 000,014,166 | ---- | M] () -- C:\Users\James\Documents\Marriage Paper References.docx
              [2010/07/29 17:24:10 | 000,161,128 | ---- | M] () -- C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
              [2010/07/29 08:09:20 | 000,011,519 | ---- | M] () -- C:\Users\James\Documents\Edvard Munch.docx
              [2010/07/29 07:42:33 | 005,581,824 | ---- | M] () -- C:\Users\James\Documents\Beer Shirt.zdl
              [2010/07/28 13:33:44 | 000,010,984 | ---- | M] () -- C:\Users\James\Documents\Art Tattoos.docx
              [2010/07/28 02:33:42 | 000,002,044 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk
              [2010/07/28 02:33:42 | 000,002,006 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
              [2010/07/27 17:14:04 | 000,023,238 | ---- | M] () -- C:\Users\James\Documents\Copy of Bill Tracker.xlsx
              [2010/07/26 16:26:45 | 000,011,170 | ---- | M] () -- C:\Users\James\Documents\Leonardo da Vinci.docx
              [2010/07/25 20:55:55 | 000,014,068 | ---- | M] () -- C:\Users\James\Documents\CJAss7.docx
              [2010/07/22 16:34:19 | 000,010,366 | ---- | M] () -- C:\Users\James\Documents\ash's transcript.docx
              [2010/07/21 21:02:25 | 000,011,388 | ---- | M] () -- C:\Users\James\Documents\Cheer Uniform Numbers.xlsx
              [2010/07/21 21:01:33 | 000,171,275 | ---- | M] () -- C:\Users\James\Documents\Nok Art.docx
              [2010/07/20 22:14:23 | 000,135,433 | ---- | M] () -- C:\Users\James\Documents\African Art.docx
              [2010/07/20 20:33:48 | 000,264,876 | ---- | M] () -- C:\Users\James\Documents\Car Ins Quote.docx
              [2010/07/20 14:50:02 | 000,002,044 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
              [2010/07/17 19:38:33 | 000,012,643 | ---- | M] () -- C:\Users\James\Documents\CJAss6.docx
              [2010/07/17 07:35:11 | 000,011,361 | ---- | M] () -- C:\Users\James\Documents\Rush Plans 2010.docx
              [2010/07/14 22:07:17 | 000,024,576 | ---- | M] () -- C:\Users\James\Documents\TEST OUTLINE-Sp2 L2-U4.doc
              [2010/07/14 22:07:00 | 000,038,400 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 4-L1 and L2 Sp2.doc
              [2010/07/14 22:06:37 | 000,027,136 | ---- | M] () -- C:\Users\James\Documents\nflw poster contest and ex credit poster info 2009.doc
              [2010/07/14 22:05:49 | 000,028,672 | ---- | M] () -- C:\Users\James\Documents\Avanc 2 LP Pra. 1 gustar iop's ser.doc
              [2010/07/14 22:05:30 | 000,029,184 | ---- | M] () -- C:\Users\James\Documents\Preterite formation-car-gar-zar.doc
              [2010/07/14 22:05:11 | 000,025,600 | ---- | M] () -- C:\Users\James\Documents\adjective agreement worksheet-span 1.doc
              [2010/07/14 22:04:41 | 000,028,160 | ---- | M] () -- C:\Users\James\Documents\verb chart-verbs irreg in yo.doc
              [2010/07/14 22:04:22 | 000,026,624 | ---- | M] () -- C:\Users\James\Documents\verb conjugation blanks with heading.doc
              [2010/07/14 22:03:46 | 000,035,840 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 2-L1 and L2-Sp2.doc
              [2010/07/14 22:03:32 | 000,028,672 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 3-L1 and L2 Sp2.doc
              [2010/07/14 22:02:44 | 000,031,232 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 1-L1 and L2-Sp2.doc
              [2010/07/14 22:02:21 | 000,029,184 | ---- | M] () -- C:\Users\James\Documents\Avancemos 2 vocab lección preliminar p. 29.doc
              [2010/07/14 21:55:28 | 000,027,648 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 4-L1 and L2- Sp 1.doc
              [2010/07/14 21:55:14 | 000,030,208 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 3-L1 and L2-Sp1.doc
              [2010/07/14 21:54:35 | 000,031,744 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 2-L1 and L2-Sp1.doc
              [2010/07/14 21:54:11 | 000,029,184 | ---- | M] () -- C:\Users\James\Documents\vocab Unidad 1-L1 and L2-Sp1.doc
              [2010/07/14 21:53:26 | 000,031,232 | ---- | M] () -- C:\Users\James\Documents\avancemos 1-vocab leccion preliminar.doc
              [2010/07/14 16:14:40 | 000,001,776 | ---- | M] () -- C:\Users\Public\Desktop\SmartMusic 9.lnk
              [2010/07/14 16:13:53 | 000,000,219 | ---- | M] () -- C:\Windows\winiini.fin
              [2010/07/14 16:13:33 | 000,001,755 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2007.lnk
              [2010/07/14 16:13:33 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2007.lnk
              [2010/07/11 23:04:59 | 000,010,900 | ---- | M] () -- C:\Users\James\Documents\Chartres.docx
              [2010/07/11 22:16:11 | 000,012,093 | ---- | M] () -- C:\Users\James\Documents\CJAss5.docx
              [2010/07/01 10:16:55 | 000,014,477 | ---- | M] () -- C:\Users\James\Documents\Compare and Contrast.docx
              [2010/06/30 16:05:34 | 000,011,694 | ---- | M] () -- C:\Users\James\Documents\George Segal.docx
              [2010/06/30 15:21:14 | 000,013,365 | ---- | M] () -- C:\Users\James\Documents\CJAss4.docx
              [2010/06/29 20:06:21 | 000,013,458 | ---- | M] () -- C:\Users\James\Documents\Nutrition Paper.docx
              [2010/06/29 09:59:39 | 000,012,108 | ---- | M] () -- C:\Users\James\Documents\Cash Flow.docx
              [2010/06/29 09:40:09 | 000,022,204 | ---- | M] () -- C:\Users\James\Documents\Wellness Physical Activity Results for jpetersen.docx
              [2010/06/29 09:30:11 | 000,023,010 | ---- | M] () -- C:\Users\James\Documents\Wellness 2005 Dietary Guidelines.docx
              [2010/06/28 13:05:03 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
              [2010/06/28 12:54:35 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
              [2010/06/28 12:54:35 | 000,001,866 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
              [2010/06/25 11:31:27 | 000,012,524 | ---- | M] () -- C:\Users\James\Documents\CJAss3.docx
              [2010/06/23 14:20:05 | 000,011,276 | ---- | M] () -- C:\Users\James\Documents\Maurice Sendak.docx
              [2010/06/21 14:02:14 | 000,010,961 | ---- | M] () -- C:\Users\James\Documents\Judy Baca.docx
              [2010/06/20 10:17:23 | 000,010,127 | ---- | M] () -- C:\Users\James\Documents\Marriage and Family Research Topic.docx
              [2010/06/17 19:32:43 | 000,010,880 | ---- | M] () -- C:\Users\James\Documents\Claes Oldenburg.docx
              [2010/06/16 17:48:46 | 000,000,162 | -H-- | M] () -- C:\Users\James\Documents\~$aes Oldenburg.docx
              [2010/06/15 15:19:00 | 000,011,944 | ---- | M] () -- C:\Users\James\Documents\CJAss2.docx
              [2010/06/15 13:50:45 | 000,012,596 | ---- | M] () -- C:\Users\James\Documents\What is art.docx
              [2010/06/10 12:10:13 | 000,012,996 | ---- | M] () -- C:\Users\James\Documents\CJAss1.docx
              [2010/06/10 10:51:35 | 000,160,976 | ---- | M] () -- C:\Users\James\Documents\Bonnaroo work schedule B11 with camping list.xlsx
              [2010/06/09 20:58:44 | 000,014,855 | ---- | M] () -- C:\Users\James\Documents\Booth B-1 Schedule_Bonnaroo_2010.xlsx
              [2010/06/08 21:23:23 | 000,014,717 | ---- | M] () -- C:\Users\James\Documents\Booth B-1 Schedule_Bonnaroo_2010 original.xlsx
              [2010/06/08 21:21:40 | 000,159,556 | ---- | M] () -- C:\Users\James\Documents\Bonnaroo work schedule B11 original.xlsx
              [2010/06/08 15:53:28 | 000,011,645 | ---- | M] () -- C:\Users\James\Documents\Käthe Kollwitz.docx
              [2010/06/06 19:00:33 | 000,184,351 | ---- | M] () -- C:\Users\James\Documents\Bonnaroo check-in info.docx
              [2010/06/03 15:11:43 | 000,157,672 | ---- | M] () -- C:\Users\James\Documents\Bonnaroo work schedule_hello kitty(1).xlsx
              [2010/06/01 19:24:03 | 000,205,450 | ---- | M] () -- C:\Users\James\Documents\Bonnaroo work schedule(1).xlsx
              [2010/05/31 11:25:11 | 000,017,559 | ---- | M] () -- C:\Users\James\Documents\Booth B11 Roster.xlsx
              [2010/05/26 11:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
              [2010/05/26 09:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
              [2010/05/19 22:57:25 | 000,017,597 | ---- | M] () -- C:\Users\James\Documents\Booth B1 Roster.xlsx
              [2010/05/18 16:55:18 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
              [2010/05/18 16:55:18 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
               
              ========== Files Created - No Company Name ==========
               
              [2010/08/05 17:53:23 | 000,001,930 | ---- | C] () -- C:\Users\James\Desktop\HijackThis.lnk
              [2010/08/05 16:49:21 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
              [2010/08/05 16:49:17 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
              [2010/08/04 21:46:08 | 1878,249,472 | -HS- | C] () -- C:\hiberfil.sys
              [2010/08/04 18:37:15 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
              [2010/08/04 18:24:43 | 063,040,759 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
              [2010/08/04 18:24:43 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
              [2010/08/04 18:24:43 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
              [2010/08/04 18:24:41 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
              [2010/08/04 18:24:41 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
              [2010/08/04 18:24:41 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
              [2010/08/04 18:24:41 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
              [2010/08/04 18:24:41 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
              [2010/08/04 18:24:40 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
              [2010/08/04 18:09:26 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2010/08/04 16:35:54 | 000,002,858 | ---- | C] () -- C:\Users\James\AppData\Local\ebujosif.dll
              [2010/08/04 16:00:53 | 000,002,858 | ---- | C] () -- C:\Users\James\AppData\Local\onuvoqulic.dll
              [2010/08/02 22:52:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
              [2010/08/02 20:21:46 | 000,011,522 | ---- | C] () -- C:\Users\James\Documents\personal finance summary.docx
              [2010/08/02 17:18:15 | 000,013,365 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 6 - Spanish 2.xlsx
              [2010/08/02 17:16:02 | 000,013,394 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 5 - Spanish 2.xlsx
              [2010/08/02 17:13:42 | 000,012,812 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 4 - Spanish 1 Honors.xlsx
              [2010/08/02 17:11:21 | 000,013,212 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 3 - Spanish 1 Honors.xlsx
              [2010/08/02 17:08:14 | 000,013,464 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 2 - Spanish 2.xlsx
              [2010/08/02 17:04:16 | 000,016,164 | ---- | C] () -- C:\Users\James\Documents\Roster -- Period 1 - Spanish 2.xlsx
              [2010/08/01 18:10:38 | 000,013,167 | ---- | C] () -- C:\Users\James\Documents\Marriage Paper Works Cited.docx
              [2010/08/01 12:16:54 | 000,014,865 | ---- | C] () -- C:\Users\James\Documents\CJAss8.docx
              [2010/07/29 08:35:41 | 000,014,166 | ---- | C] () -- C:\Users\James\Documents\Marriage Paper References.docx
              [2010/07/29 08:35:30 | 000,025,526 | ---- | C] () -- C:\Users\James\Documents\Marriage Paper.docx
              [2010/07/29 08:09:20 | 000,011,519 | ---- | C] () -- C:\Users\James\Documents\Edvard Munch.docx
              [2010/07/29 07:42:32 | 005,581,824 | ---- | C] () -- C:\Users\James\Documents\Beer Shirt.zdl
              [2010/07/28 13:33:42 | 000,010,984 | ---- | C] () -- C:\Users\James\Documents\Art Tattoos.docx
              [2010/07/25 20:45:00 | 000,014,068 | ---- | C] () -- C:\Users\James\Documents\CJAss7.docx
              [2010/07/22 16:34:18 | 000,010,366 | ---- | C] () -- C:\Users\James\Documents\ash's transcript.docx
              [2010/07/20 22:14:23 | 000,135,433 | ---- | C] () -- C:\Users\James\Documents\African Art.docx
              [2010/07/20 20:33:46 | 000,264,876 | ---- | C] () -- C:\Users\James\Documents\Car Ins Quote.docx
              [2010/07/20 14:50:02 | 000,002,044 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
              [2010/07/19 22:05:32 | 000,171,275 | ---- | C] () -- C:\Users\James\Documents\Nok Art.docx
              [2010/07/17 08:54:23 | 000,012,643 | ---- | C] () -- C:\Users\James\Documents\CJAss6.docx
              [2010/07/16 12:19:09 | 000,011,388 | ---- | C] () -- C:\Users\James\Documents\Cheer Uniform Numbers.xlsx
              [2010/07/15 17:22:05 | 000,011,361 | ---- | C] () -- C:\Users\James\Documents\Rush Plans 2010.docx
              [2010/07/14 22:07:17 | 000,024,576 | ---- | C] () -- C:\Users\James\Documents\TEST OUTLINE-Sp2 L2-U4.doc
              [2010/07/14 22:06:59 | 000,038,400 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 4-L1 and L2 Sp2.doc
              [2010/07/14 22:06:37 | 000,027,136 | ---- | C] () -- C:\Users\James\Documents\nflw poster contest and ex credit poster info 2009.doc
              [2010/07/14 22:05:48 | 000,028,672 | ---- | C] () -- C:\Users\James\Documents\Avanc 2 LP Pra. 1 gustar iop's ser.doc
              [2010/07/14 22:05:30 | 000,029,184 | ---- | C] () -- C:\Users\James\Documents\Preterite formation-car-gar-zar.doc
              [2010/07/14 22:05:11 | 000,025,600 | ---- | C] () -- C:\Users\James\Documents\adjective agreement worksheet-span 1.doc
              [2010/07/14 22:04:41 | 000,028,160 | ---- | C] () -- C:\Users\James\Documents\verb chart-verbs irreg in yo.doc
              [2010/07/14 22:04:22 | 000,026,624 | ---- | C] () -- C:\Users\James\Documents\verb conjugation blanks with heading.doc
              [2010/07/14 22:03:32 | 000,028,672 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 3-L1 and L2 Sp2.doc
              [2010/07/14 22:03:06 | 000,035,840 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 2-L1 and L2-Sp2.doc
              [2010/07/14 22:02:44 | 000,031,232 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 1-L1 and L2-Sp2.doc
              [2010/07/14 22:02:21 | 000,029,184 | ---- | C] () -- C:\Users\James\Documents\Avancemos 2 vocab lección preliminar p. 29.doc
              [2010/07/14 21:55:27 | 000,027,648 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 4-L1 and L2- Sp 1.doc
              [2010/07/14 21:55:14 | 000,030,208 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 3-L1 and L2-Sp1.doc
              [2010/07/14 21:54:34 | 000,031,744 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 2-L1 and L2-Sp1.doc
              [2010/07/14 21:54:11 | 000,029,184 | ---- | C] () -- C:\Users\James\Documents\vocab Unidad 1-L1 and L2-Sp1.doc
              [2010/07/14 21:53:25 | 000,031,232 | ---- | C] () -- C:\Users\James\Documents\avancemos 1-vocab leccion preliminar.doc
              [2010/07/14 21:21:33 | 000,011,170 | ---- | C] () -- C:\Users\James\Documents\Leonardo da Vinci.docx
              [2010/07/14 16:14:40 | 000,001,776 | ---- | C] () -- C:\Users\Public\Desktop\SmartMusic 9.lnk
              [2010/07/14 16:13:53 | 000,000,219 | ---- | C] () -- C:\Windows\winiini.fin
              [2010/07/14 16:13:33 | 000,001,755 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2007.lnk
              [2010/07/14 16:13:33 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2007.lnk
              [2010/07/11 23:04:59 | 000,010,900 | ---- | C] () -- C:\Users\James\Documents\Chartres.docx
              [2010/07/11 21:31:41 | 000,012,093 | ---- | C] () -- C:\Users\James\Documents\CJAss5.docx
              [2010/07/01 09:32:06 | 000,014,477 | ---- | C] () -- C:\Users\James\Documents\Compare and Contrast.docx
              [2010/06/30 15:28:04 | 000,011,694 | ---- | C] () -- C:\Users\James\Documents\George Segal.docx
              [2010/06/29 19:17:31 | 000,013,458 | ---- | C] () -- C:\Users\James\Documents\Nutrition Paper.docx
              [2010/06/29 15:10:19 | 000,013,365 | ---- | C] () -- C:\Users\James\Documents\CJAss4.docx
              [2010/06/29 09:40:09 | 000,022,204 | ---- | C] () -- C:\Users\James\Documents\Wellness Physical Activity Results for jpetersen.docx
              [2010/06/29 09:30:10 | 000,023,010 | ---- | C] () -- C:\Users\James\Documents\Wellness 2005 Dietary Guidelines.docx
              [2010/06/28 13:05:03 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
              [2010/06/28 12:54:35 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
              [2010/06/28 12:54:35 | 000,001,866 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
              [2010/06/25 11:31:26 | 000,012,524 | ---- | C] () -- C:\Users\James\Documents\CJAss3.docx
              [2010/06/23 14:05:42 | 000,011,276 | ---- | C] () -- C:\Users\James\Documents\Maurice Sendak.docx
              [2010/06/23 03:01:09 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
              [2010/06/23 03:01:09 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
              [2010/06/23 03:01:09 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\Mpeg2Data.ax
              [2010/06/23 03:01:09 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
              [2010/06/23 03:01:03 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
              [2010/06/23 03:

              jamesnterri

                Re: Application cannot be executed. The file wuauclt.exe is infected.
                « Reply #8 on: August 07, 2010, 08:57:59 AM »
                [2010/06/23 03:01:03 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
                [2010/06/23 03:01:01 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
                [2010/06/23 03:01:01 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
                [2010/06/23 03:00:38 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
                [2010/06/23 03:00:38 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
                [2010/06/23 03:00:38 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
                [2010/06/23 03:00:38 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
                [2010/06/23 03:00:38 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
                [2010/06/22 18:56:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
                [2010/06/22 18:56:26 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
                [2010/06/20 10:17:21 | 000,010,127 | ---- | C] () -- C:\Users\James\Documents\Marriage and Family Research Topic.docx
                [2010/06/18 18:22:55 | 000,010,961 | ---- | C] () -- C:\Users\James\Documents\Judy Baca.docx
                [2010/06/17 16:15:12 | 000,012,108 | ---- | C] () -- C:\Users\James\Documents\Cash Flow.docx
                [2010/06/16 17:48:46 | 000,000,162 | -H-- | C] () -- C:\Users\James\Documents\~$aes Oldenburg.docx
                [2010/06/16 17:48:45 | 000,010,880 | ---- | C] () -- C:\Users\James\Documents\Claes Oldenburg.docx
                [2010/06/15 15:18:59 | 000,011,944 | ---- | C] () -- C:\Users\James\Documents\CJAss2.docx
                [2010/06/15 13:35:16 | 000,012,596 | ---- | C] () -- C:\Users\James\Documents\What is art.docx
                [2010/06/13 01:24:53 | 000,002,044 | ---- | C] () -- C:\Users\James\Desktop\Google Chrome.lnk
                [2010/06/13 01:24:53 | 000,002,006 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                [2010/06/13 01:23:07 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623049184-4265544790-1677474580-1000UA.job
                [2010/06/13 01:23:06 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623049184-4265544790-1677474580-1000Core.job
                [2010/06/09 17:37:10 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
                [2010/06/09 17:37:08 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
                [2010/06/09 17:37:04 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
                [2010/06/09 17:36:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
                [2010/06/09 17:36:50 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
                [2010/06/09 17:36:48 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
                [2010/06/09 17:36:47 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
                [2010/06/09 17:36:46 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
                [2010/06/09 17:36:46 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
                [2010/06/09 17:36:43 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
                [2010/06/09 17:36:43 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
                [2010/06/09 17:36:40 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
                [2010/06/09 17:36:39 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
                [2010/06/09 17:36:39 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
                [2010/06/09 17:36:38 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
                [2010/06/09 17:36:37 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
                [2010/06/09 17:36:36 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
                [2010/06/09 17:36:35 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
                [2010/06/09 17:36:34 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
                [2010/06/09 17:36:34 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
                [2010/06/09 17:36:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
                [2010/06/09 17:36:28 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
                [2010/06/09 17:36:16 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
                [2010/06/09 15:29:05 | 000,012,996 | ---- | C] () -- C:\Users\James\Documents\CJAss1.docx
                [2010/06/08 21:23:22 | 000,014,717 | ---- | C] () -- C:\Users\James\Documents\Booth B-1 Schedule_Bonnaroo_2010 original.xlsx
                [2010/06/08 21:21:39 | 000,159,556 | ---- | C] () -- C:\Users\James\Documents\Bonnaroo work schedule B11 original.xlsx
                [2010/06/08 15:53:27 | 000,011,645 | ---- | C] () -- C:\Users\James\Documents\Käthe Kollwitz.docx
                [2010/06/06 19:00:31 | 000,184,351 | ---- | C] () -- C:\Users\James\Documents\Bonnaroo check-in info.docx
                [2010/06/03 15:08:50 | 000,014,855 | ---- | C] () -- C:\Users\James\Documents\Booth B-1 Schedule_Bonnaroo_2010.xlsx
                [2010/06/02 13:01:02 | 000,160,976 | ---- | C] () -- C:\Users\James\Documents\Bonnaroo work schedule B11 with camping list.xlsx
                [2010/06/01 21:49:44 | 000,157,672 | ---- | C] () -- C:\Users\James\Documents\Bonnaroo work schedule_hello kitty(1).xlsx
                [2010/06/01 19:24:01 | 000,205,450 | ---- | C] () -- C:\Users\James\Documents\Bonnaroo work schedule(1).xlsx
                [2010/05/31 11:20:09 | 000,017,559 | ---- | C] () -- C:\Users\James\Documents\Booth B11 Roster.xlsx
                [2010/05/26 03:50:29 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
                [2010/05/19 22:57:23 | 000,017,597 | ---- | C] () -- C:\Users\James\Documents\Booth B1 Roster.xlsx
                [2010/05/18 16:55:18 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
                [2010/05/18 16:55:18 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
                [2010/05/17 06:53:42 | 000,013,824 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                [2010/05/11 19:01:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
                [2009/06/24 16:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
                [2009/06/24 16:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
                [2009/06/24 16:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
                [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
                [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
                [2005/08/17 12:08:19 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\sfarkxt.dll
                [2005/08/17 12:08:18 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\SFARKL.DLL
                 
                ========== LOP Check ==========
                 
                [2010/08/04 15:53:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Acoustica
                [2010/07/28 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Avery
                [2009/10/20 21:14:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Pogo Games
                [2010/08/04 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent
                [2010/08/05 17:47:43 | 000,026,360 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
                [2010/08/06 18:19:33 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7BB1E196-9927-458B-A486-233FEF568D24}.job
                 
                ========== Purity Check ==========
                 
                 
                 
                ========== Custom Scans ==========
                 
                 
                < %SYSTEMDRIVE%\*.exe >
                 
                < %systemroot%\*. /mp /s >
                 
                < c:\$recycle.bin\*.* /s >
                [2010/05/09 11:50:50 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini
                [2010/08/04 18:16:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$I0C2T92.scr
                [2010/08/04 18:05:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$I0J2F9K
                [2010/08/04 17:33:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$I4GGI16.com
                [2010/08/04 17:32:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$II3F2V0.exe
                [2010/08/04 18:16:37 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$INLO5GU.exe
                [2010/08/04 20:34:04 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$IOQ41WY.exe
                [2010/08/04 18:05:23 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$IOQTIMU.2
                [2010/08/04 17:07:04 | 000,363,520 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R0C2T92.scr
                [2010/08/04 17:06:55 | 000,363,520 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R4GGI16.com
                [2010/08/04 17:06:42 | 000,363,520 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$RI3F2V0.exe
                [2010/08/04 17:05:10 | 009,213,248 | ---- | M] (SUPERAntiSpyware.com) -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$RNLO5GU.exe
                [2009/12/01 23:42:49 | 000,891,248 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$ROQ41WY.exe
                [2009/09/22 23:02:14 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\desktop.ini
                [2010/08/04 15:52:33 | 000,006,974 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R0J2F9K\air.nfo
                [2010/08/04 15:52:33 | 000,000,448 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R0J2F9K\file_id.diz
                [2010/08/04 15:52:41 | 004,922,346 | ---- | M] (                                                            ) -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R0J2F9K\setup.exe
                [2010/08/04 15:52:32 | 000,000,047 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$R0J2F9K\Torrent downloaded from Demonoid.com.txt
                [2010/08/04 15:48:57 | 000,473,201 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$ROQTIMU.2\Acoustica-Mixcraft-4-Installer.exe
                [2010/08/04 15:48:56 | 000,003,625 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1000\$ROQTIMU.2\info.txt
                [2009/09/22 23:07:43 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-1001\desktop.ini
                [2009/09/12 13:31:11 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3623049184-4265544790-1677474580-500\desktop.ini
                 
                < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
                 
                 
                < %systemroot%\system32\*.dll /lockedfiles >
                [2008/01/20 21:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
                [2008/01/20 21:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
                 
                < %systemroot%\Tasks\*.job /lockedfiles >
                 
                ========== Alternate Data Streams ==========
                 
                @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:B203B914
                @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A73EAFFB
                < End of report >

                jamesnterri

                  Topic Starter


                  Rookie

                  Re: Application cannot be executed. The file wuauclt.exe is infected.
                  « Reply #9 on: August 07, 2010, 08:59:21 AM »
                  And here is the Extras log:

                  OTL Extras logfile created on: 8/7/2010 9:05:35 AM - Run 1
                  OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\James\Desktop\spyware removal crap
                  64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
                  Internet Explorer (Version = 7.0.6001.18000)
                  Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                   
                  2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
                  4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
                  Paging file location(s): ?:\pagefile.sys [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
                  Drive C: | 283.40 Gb Total Space | 194.84 Gb Free Space | 68.75% Space Free | Partition Type: NTFS
                  Drive D: | 14.65 Gb Total Space | 13.58 Gb Free Space | 92.71% Space Free | Partition Type: NTFS
                  E: Drive not present or media not loaded
                  F: Drive not present or media not loaded
                  G: Drive not present or media not loaded
                  H: Drive not present or media not loaded
                  I: Drive not present or media not loaded
                   
                  Computer Name: JAMES-APT
                  Current User Name: James
                  Logged in as Administrator.
                   
                  Current Boot Mode: Normal
                  Scan Mode: Current user
                  Include 64bit Scans
                  Company Name Whitelist: On
                  Skip Microsoft Files: On
                  File Age = 90 Days
                  Output = Standard
                  Quick Scan
                   
                  ========== Extra Registry (SafeList) ==========
                   
                   
                  ========== File Associations ==========
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                  .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
                   
                  [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                  .html [@ = ChromeHTML] -- C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
                   
                  ========== Shell Spawning ==========
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                  batfile [open] -- "%1" %* File not found
                  cmdfile [open] -- "%1" %* File not found
                  comfile [open] -- "%1" %* File not found
                  exefile [open] -- "%1" %* File not found
                  helpfile [open] -- Reg Error: Key error.
                  htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
                  htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
                  inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
                  piffile [open] -- "%1" %* File not found
                  regfile [merge] -- Reg Error: Key error.
                  scrfile [config] -- "%1" File not found
                  scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
                  scrfile [open] -- "%1" /S File not found
                  txtfile [edit] -- Reg Error: Key error.
                  Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
                  Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
                  Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                  Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
                  Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
                  Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
                  Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                  batfile [open] -- "%1" %*
                  cmdfile [open] -- "%1" %*
                  comfile [open] -- "%1" %*
                  cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
                  exefile [open] -- "%1" %*
                  helpfile [open] -- Reg Error: Key error.
                  htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
                  htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
                  inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                  piffile [open] -- "%1" %*
                  regfile [merge] -- Reg Error: Key error.
                  scrfile [config] -- "%1"
                  scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                  scrfile [open] -- "%1" /S
                  txtfile [edit] -- Reg Error: Key error.
                  Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                  Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                  Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                  Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
                  Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
                  Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
                  Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                   
                  ========== Security Center Settings ==========
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                  "cval" = 1
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                  "AntiVirusOverride" = 0
                  "AntiSpywareOverride" = 0
                  "FirewallOverride" = 0
                  "VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                  "oobe_av" = 1
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                  "EnableFirewall" = 0
                  "DisableNotifications" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                  "EnableFirewall" = 1
                  "DisableNotifications" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                  "EnableFirewall" = 0
                  "DisableNotifications" = 0
                   
                  ========== Authorized Applications List ==========
                   
                   
                  ========== Vista Active Open Ports Exception List ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                  "{0C7F6AA3-11D4-4050-9CEF-F70902C452CB}" = lport=2869 | protocol=6 | dir=in | app=system |
                  "{13AB2547-E412-4F20-A31E-BC5D221D3AE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                  "{2FFBBBE3-8409-4300-8028-F1FDC5DDA35F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
                  "{4A1E734F-2357-40AD-9563-82CB7DBC02B6}" = lport=2869 | protocol=6 | dir=in | app=system |
                  "{5B8824AC-FDAB-49C5-992C-8654833E0177}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                  "{73E953AE-DD2C-41CB-8075-852025EA6C82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
                  "{8EB4D576-908A-4CA1-8A4A-1CA4F3A0CEA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                  "{A523C1C5-3F6E-4D0E-9358-A0232443B67C}" = lport=10243 | protocol=6 | dir=in | app=system |
                  "{B5D8A430-268C-45CA-AF8F-2D16B8985A21}" = rport=10243 | protocol=6 | dir=out | app=system |
                  "{D069D96F-49FC-47AC-9042-3ADA961C7975}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                  "{D852F489-5CDC-4B8A-9339-ED3905DF21C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                  "{E6F3BCC5-8D59-4FD3-AD72-E4052FB0258E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                   
                  ========== Vista Active Application Exception List ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                  "{05A9079A-48A0-4F7E-B63E-5666EBC57701}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
                  "{073F8037-09E0-4EF4-93FD-6C13665AA7EF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
                  "{0AF2112E-46B2-4A9F-86C7-FAF485585D22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{13CEA0E0-DFA5-4AD7-9CCC-54442C02A1FC}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
                  "{17754652-3AA6-4958-AEDA-8CEB14767CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
                  "{1B587C54-45D5-427E-B571-AB33851C2C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
                  "{250090E5-5142-4B2A-8110-94BA55BDA58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                  "{2D90B5D0-34A5-4A1C-8C99-86E93B6634A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                  "{324063BB-9D3D-470C-8868-A38664728F54}" = protocol=6 | dir=out | app=system |
                  "{3A2BA084-3B56-4AE5-9B6A-B8D27F7EF551}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
                  "{5050A8CF-737D-4F44-9996-5AD67D2F4F6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
                  "{50F78765-A03F-4045-87DC-BE38EAA0B0E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                  "{583C6D94-B81E-4243-8D5E-7E1424FC9BB1}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
                  "{5F70146B-DD41-4697-BA7C-D8DF330F13C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
                  "{6A28B4D7-5EFE-44C6-86AF-95BF1EC81D7C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
                  "{7318D29B-D99D-4D58-9538-07B47ABDB6E7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{774C2249-2D1F-4B03-956F-76E4EB15D365}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
                  "{77B012A5-BA8D-4847-AFC1-6B0820A1C489}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
                  "{78C1003D-F6F8-477B-A376-53C70D43DACC}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
                  "{8527D284-D012-471A-A271-446CE13EF194}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
                  "{896FE54D-8E60-4B6A-9F32-E39EE83F552E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{8E08FE42-25DE-4580-99EF-38C1E03DD54C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
                  "{95B35C5C-1CB1-4DF5-A979-5B2A40AF84B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
                  "{A02A8CB3-21A5-44E6-8D18-9DA0D47D1C55}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
                  "{A77C938D-14E7-49E9-A634-2CE27235F70C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
                  "{AA48B9E1-1A94-4699-A6F3-62498704AFAB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
                  "{AEB4673A-ED55-4D27-8D8E-F1715F5DC62D}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
                  "{B0338786-CF86-46D0-9094-3DA2B20A144A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
                  "{B19D5B03-06EB-4596-9C97-9ABAA84295A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{B430875C-1285-4C73-A931-4298C362A887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{B555EB7F-75C3-484F-A0F7-52881BCCBD4D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
                  "{BA1F64A2-53B5-454D-8DB6-F1D6F91FE04F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
                  "{D81C51C5-D412-484D-9499-0094F3522496}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
                  "{D8F81AB5-FC3B-48EE-9A65-A97D26B7F64E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
                  "{DC4062A0-0127-49F7-85A8-A0624D5BD731}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
                  "{DE74DD39-4432-4A5B-B692-219847F77A91}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
                  "{E7E6160E-9C3F-4C9C-A41E-E455A57618B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
                  "{E9F36707-DAAB-4AC8-BEEC-A469A5919D97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
                  "{EBA18FBC-F64B-462F-9AA6-127067DB5A44}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
                  "{F6D8B04F-2F0A-404E-B2D3-0511DE8B6C64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                  "{FA42BFB5-16AC-4087-B090-25712E47E74D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
                  "{FFF47094-992C-4C2C-A369-DCFB15F26660}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
                   
                  ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                   
                  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
                  "{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
                  "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
                  "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
                  "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
                  "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
                  "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
                  "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
                  "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
                  "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
                  "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
                  "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
                  "{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
                  "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
                  "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                  "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                  "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
                  "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
                  "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
                  "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
                  "HP Photosmart Essential" = HP Photosmart Essential 2.5
                  "HP Smart Web Printing" = HP Smart Web Printing
                  "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
                  "HPExtendedCapabilities" = HP Customer Participation Program 10.0
                  "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                  "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
                  "NVIDIA Drivers" = NVIDIA Drivers
                  "Shop for HP Supplies" = Shop for HP Supplies
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
                  "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
                  "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
                  "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
                  "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
                  "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
                  "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
                  "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
                  "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
                  "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
                  "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
                  "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
                  "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
                  "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
                  "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
                  "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
                  "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
                  "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
                  "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
                  "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
                  "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
                  "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
                  "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
                  "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
                  "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
                  "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
                  "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
                  "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
                  "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
                  "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
                  "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
                  "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
                  "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
                  "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
                  "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
                  "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
                  "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
                  "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
                  "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
                  "{76CB3301-6463-4D01-8BE2-A3C99692EB31}" = OSD
                  "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
                  "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
                  "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
                  "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
                  "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
                  "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
                  "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                  "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                  "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
                  "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
                  "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
                  "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
                  "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
                  "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
                  "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
                  "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
                  "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
                  "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
                  "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
                  "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
                  "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
                  "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                  "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
                  "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
                  "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
                  "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
                  "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
                  "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
                  "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
                  "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
                  "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
                  "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
                  "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
                  "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
                  "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
                  "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                  "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
                  "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
                  "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
                  "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
                  "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
                  "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
                  "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
                  "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
                  "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
                  "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
                  "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
                  "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
                  "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
                  "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
                  "{DB3A8AA8-4B1C-435D-AEBC-7F755284C30D}" = Cozi
                  "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
                  "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
                  "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
                  "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
                  "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                  "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
                  "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
                  "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
                  "{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
                  "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
                  "Adobe AIR" = Adobe AIR
                  "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                  "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                  "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                  "Advanced Audio FX Engine" = Advanced Audio FX Engine
                  "AVG9Uninstall" = AVG Free 9.0
                  "com.adobe.mauby.4875E02D9FB21EE389F73B8 D1702B320485DF8CE.1" = Acrobat.com
                  "Dell Video Chat" = Dell Video Chat
                  "Dell Webcam Central" = Dell Webcam Central
                  "ENTERPRISE" = Microsoft Office Enterprise 2007
                  "Finale 2007" = Finale 2007
                  "Garritan Ambiance Installer" = Garritan Ambiance Installer
                  "HijackThis" = HijackThis 2.0.2
                  "InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
                  "Little Shop Of Treasures 2_is1" = Little Shop Of Treasures 2
                  "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                  "Native Instruments Finale GPO 2.0" = Native Instruments Finale GPO 2.0
                  "SmartMusic 9" = SmartMusic 9
                  "uTorrent" = µTorrent
                  "WinLiveSuite_Wave3" = Windows Live Essentials
                   
                  ========== HKEY_CURRENT_USER Uninstall List ==========
                   
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "Google Chrome" = Google Chrome
                  "Move Media Player" = Move Media Player
                   
                  ========== Last 10 Event Log Errors ==========
                   
                  [ Application Events ]
                  Error - 7/11/2010 6:17:45 PM | Computer Name = James-APT | Source = Microsoft-Windows-CAPI2 | ID = 131083
                  Description =
                   
                  Error - 7/11/2010 6:21:56 PM | Computer Name = James-APT | Source = Microsoft-Windows-CAPI2 | ID = 131083
                  Description =
                   
                  Error - 7/11/2010 6:22:12 PM | Computer Name = James-APT | Source = Microsoft-Windows-CAPI2 | ID = 131083
                  Description =
                   
                  Error - 7/11/2010 6:27:44 PM | Computer Name = James-APT | Source = Microsoft-Windows-CAPI2 | ID = 131083
                  Description =
                   
                  Error - 7/12/2010 9:22:07 PM | Computer Name = James-APT | Source = Application Error | ID = 1000
                  Description = Faulting application iexplore.exe, version 7.0.6001.18470, time stamp
                   0x4be05134, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783,
                   exception code 0xc0000374, fault offset 0x000aada3,  process id 0x12b0, application
                   start time 0x01cb2146d19b21cb.
                   
                  Error - 7/14/2010 11:20:28 AM | Computer Name = James-APT | Source = Microsoft-Windows-CAPI2 | ID = 131083
                  Description =
                   
                  Error - 7/14/2010 2:09:57 PM | Computer Name = James-APT | Source = WinMgmt | ID = 10
                  Description =
                   
                  Error - 7/14/2010 2:23:07 PM | Computer Name = James-APT | Source = EventSystem | ID = 4621
                  Description =
                   
                  Error - 7/14/2010 2:25:37 PM | Computer Name = James-APT | Source = WinMgmt | ID = 10
                  Description =
                   
                  Error - 7/14/2010 2:34:01 PM | Computer Name = James-APT | Source = EventSystem | ID = 4621
                  Description =
                   
                  [ System Events ]
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4375
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4385
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4375
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4385
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4375
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4385
                  Description =
                   
                  Error - 11/20/2009 9:47:49 PM | Computer Name = James-APT | Source = Microsoft-Windows-Servicing | ID = 4385
                  Description =
                   
                  Error - 11/21/2009 5:18:06 AM | Computer Name = James-APT | Source = HTTP | ID = 15016
                  Description =
                   
                  Error - 2/13/2010 2:56:18 PM | Computer Name = James-APT | Source = HTTP | ID = 15016
                  Description =
                   
                  Error - 2/13/2010 3:31:37 PM | Computer Name = James-APT | Source = Service Control Manager | ID = 7000
                  Description =
                   
                   
                  < End of report >

                  jamesnterri


                    Re: Application cannot be executed. The file wuauclt.exe is infected.
                    « Reply #10 on: August 07, 2010, 09:02:13 AM »
                    I installed 7-zip and installed.
                    I tried to install rootkit unhooker, but when I got to the part where I try to run the randomly named file, I got the following error:

                    Error loading driver, NTSTATUS code: 0xC000036B

                    SuperDave

                    Re: Application cannot be executed. The file wuauclt.exe is infected.
                    « Reply #11 on: August 07, 2010, 03:32:06 PM »
                    Quote
                    I installed 7-zip and installed.
                    I tried to install rootkit unhooker, but when I got to the part where I try to run the randomly named file, I got the following error:
                    Error loading driver, NTSTATUS code: 0xC000036B
                    Just as I thought; it won't run on 64-bit machines.

                    * Open OTL
                    * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                    Code:
                    :OTL
                    O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\AutoRun\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found
                    O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\open\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found

                    :Files
                    C:\Users\James\AppData\Local\ebujosif.dll
                    C:\Users\James\AppData\Local\onuvoqulic.dll

                    :COMMANDS
                    [resethosts]
                    [purity]
                    [clearrestorepoints]
                    [emptytemp]
                    [start explorer]

                    * Click Run Fix
                    * OTL may ask to reboot the machine. Please do so if asked.
                    * Click OK
                    * A report will open. Copy and Paste that report in your next reply.

                    =================================

                    I'd like to scan your machine with ESET OnlineScan

                    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                      ESET OnlineScan
                    • Click the button.
                    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                      • Click on to download the ESET Smart Installer. Save it to your desktop.
                      • Double click on the icon on your desktop.
                    • Check
                    • Click the button.
                    • Accept any security warnings from your browser.
                    • Check
                    • Push the Start button.
                    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    • When the scan completes, push
                    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    • Push the button.
                    • Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                    Windows 8 and Windows 10 dual boot with two SSD's
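
The two O33 lines in the fix above are Shell command handlers recorded for one volume under the MountPoints2 registry key. As an added example (not part of the original post and not OTL's own code), the Python below parses O33 lines of that shape and lists why an entry deserves review; the reason labels, the folder and extension lists, and the third sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines 1-2 are copied from the fix script in the post above. Line 3 is
# constructed for contrast; its status text is a placeholder, not OTL output.
SAMPLE_LINES = r'''
O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\AutoRun\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found
O33 - MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\Shell\open\command - "" = G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [constructed: file present]
'''.strip().splitlines()

# O33 - MountPoints2\<volume>\Shell\<verb>\command - "<value name>" = <command> -- <status>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<value>[^"]*)" = (?P<command>.*?)(?: -- (?P<status>.*))?$'
)
# Pull the program path out of a command that may be quoted or carry arguments.
TARGET_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|scr|bat|cmd|pif|com|vbs))\b', re.I)

# Assumed heuristics for this example (not taken from OTL or the thread).
RECYCLE_NAMES = {"recycle", "recycled", "recycler", "$recycle.bin"}
EXEC_EXTS = {".exe", ".scr", ".bat", ".cmd", ".pif", ".com", ".vbs"}
MOUNT_VERBS = {"autorun", "open", "explore"}


def parse_o33(lines):
    """Return one dict per O33 MountPoints2 line; any other line is skipped."""
    entries = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if m:
            entries.append({k: (v or "").strip() for k, v in m.groupdict().items()})
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    m = TARGET_RE.match(entry["command"])
    target = PureWindowsPath(m.group(1) if m else entry["command"].strip('"'))
    reasons = []
    # A recycle-bin-style folder is an unusual home for a program that a
    # volume's own Shell handler is supposed to launch.
    if any(part.lower() in RECYCLE_NAMES for part in target.parts[1:-1]):
        reasons.append("target-in-recycle-folder")
    # The handler starts an executable when the volume is opened or autoplayed.
    if entry["verb"].lower() in MOUNT_VERBS and target.suffix.lower() in EXEC_EXTS:
        reasons.append("executable-on-mount-verb")
    # The registry entry outlived its target (drive unplugged or file removed).
    if entry["status"].lower() == "file not found":
        reasons.append("stale-handler-target-missing")
    return reasons


def review(lines):
    """Group recycle-folder handlers by volume so each key is reviewed once."""
    by_volume = {}
    for entry in parse_o33(lines):
        reasons = triage(entry)
        if "target-in-recycle-folder" in reasons:
            by_volume.setdefault(entry["volume"], []).append((entry["verb"], reasons))
    return by_volume


if __name__ == "__main__":
    base = "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2"
    for volume, hits in review(SAMPLE_LINES).items():
        print(f"{base}\\{volume}")
        for verb, reasons in hits:
            print(f"  Shell\\{verb}\\command: {', '.join(reasons)}")
```
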

                    jamesnterri


                      Re: Application cannot be executed. The file wuauclt.exe is infected.
                      « Reply #12 on: August 07, 2010, 05:34:18 PM »
                      log after running OTL again with custom code:

                      All processes killed
                      ========== OTL ==========
                      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\ deleted successfully.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31d77cd1-3cef-11df-83de-0024e8133572}\ not found.
                      File G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe not found.
                      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d77cd1-3cef-11df-83de-0024e8133572}\ not found.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31d77cd1-3cef-11df-83de-0024e8133572}\ not found.
                      File G:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe not found.
                      ========== FILES ==========
                      C:\Users\James\AppData\Local\ebujosif.dll moved successfully.
                      C:\Users\James\AppData\Local\onuvoqulic.dll moved successfully.
                      ========== COMMANDS ==========
                      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                      HOSTS file reset successfully
                      Error: Unable to interpret <[clearrestorepoints]> in the current context!
                       
                      [EMPTYTEMP]
                       
                      User: All Users
                       
                      User: Anna
                      ->Temp folder emptied: 197432 bytes
                      ->Temporary Internet Files folder emptied: 59524308 bytes
                      ->Java cache emptied: 72402272 bytes
                      ->Flash cache emptied: 12130 bytes
                       
                      User: Default
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 33170 bytes
                       
                      User: Default User
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 0 bytes
                       
                      User: James
                      ->Temp folder emptied: 805122866 bytes
                      ->Temporary Internet Files folder emptied: 88203917 bytes
                      ->Java cache emptied: 301072485 bytes
                      ->Google Chrome cache emptied: 415054147 bytes
                      ->Flash cache emptied: 64850 bytes
                       
                      User: Public
                       
                      %systemdrive% .tmp files removed: 0 bytes
                      %systemroot% .tmp files removed: 0 bytes
                      %systemroot%\System32 .tmp files removed: 0 bytes
                      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
                      %systemroot%\System32\drivers .tmp files removed: 0 bytes
                      Windows Temp folder emptied: 36881567 bytes
                      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
                      RecycleBin emptied: 18761176 bytes
                       
                      Total Files Cleaned = 1,714.00 mb
                       
                       
                      OTL by OldTimer - Version 3.2.9.1 log created on 08072010_182711

                      Files\Folders moved on Reboot...
                      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                      File\Folder C:\Users\James\AppData\Local\Temp\Low\hsperfdata_James\5760 not found!
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R875OBOL\0,,20408795,00[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R875OBOL\radioAdEmbed[10].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R875OBOL\radioAdEmbed[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R875OBOL\radioAdEmbed[9].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUV0FUOU\avitar[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUV0FUOU\fan[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUV0FUOU\getAds[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUV0FUOU\login_status[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUV0FUOU\pogo_com[3].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\adbrite[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\comments[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\getAds[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\google[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\homepageBackButtonFrameIE[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\like[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\login_status[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\pandora_com[1].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\radioAdEmbed[5].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\topic,108415.0[2].htm moved successfully.
                      C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JANL4QGK\xd_receiver[1].htm moved successfully.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7A9WVO9\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C671EOCN\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APKL0Y0Z\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41JMI3U5\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AW935XO\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
                      File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

                      Registry entries deleted on Reboot...

                      jamesnterri


                        Re: Application cannot be executed. The file wuauclt.exe is infected.
                        « Reply #13 on: August 07, 2010, 06:51:13 PM »
                        ESET finished with No Threats Found.  The log file is as follows:

                        ESETSmartInstaller@High as CAB hook log:
                        OnlineScanner64.ocx - registred OK
                        OnlineScanner.ocx - registred OK

                        SuperDave

                        Re: Application cannot be executed. The file wuauclt.exe is infected.
                        « Reply #14 on: August 07, 2010, 07:23:05 PM »
                        James, how is your computer working now?