TechSpot

8 Steps Done on 64 Bit System

By rjmontalvo
Nov 9, 2010
  1. Hello,

    I completed all the steps and the programs seemed to work, but the only one that I'm able to show a log for is GMER. Both Mbam and DDS seem to have problems due to me running Vista in 64 bit. Is there any way to get around this so I can properly paste my logs on the forum?

    Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    DDS and MBAM will run on 64-bit.
    What kind of problems are you having with those programs and what are your computer issues?

    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    When I run MBAM it completes fine but puts up an error saying: Please check whether you're running 32-Bit or 64-Bit Operating System and contact Program provider. The log is created, but that same error comes up whenever I click on it through the program. I also looked where the file should be on the hard drive and there's no log folder or txt files.

    At the end of DDS, the program attempts to open up Notepad and fails to do so, saying just about the same error as I listed above.

    As for PC probs, whenever I boot up the laptop I get a few error windows. One is "Failed to load Commonres.dll" as well as a few random files from Avira and Openoffice with the error "Bad Image" attached to each. There are quite a few programs now that just refuse to run out of nowhere. Unfortunately I'm at work right now so the exact wordings of the errors aren't in front of me, but I will repost with exact details later.
     
  4. Broni

    OK, please post GMER and MBRCheck logs then.
     
  5. rjmontalvo

    Below is the GMER log. How do I get a MBRCheck log? I looked online and found another forum speaking of it, but the version I downloaded and used said I had an unknown MBR code, and my attempt to dump to a log file ended up with a bunch of gibberish (which I'll paste below GMER).

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-09 22:16:22
    Windows 6.0.6001 Service Pack 1
    Running: y724pt7t.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x87 0x98 0x83 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet005\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet006\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x23 0xC6 0xEA 0x2C ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
    Reg HKLM\SYSTEM\ControlSet007\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x99 0x59 0x7D ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
    Reg HKLM\SYSTEM\ControlSet008\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0x5F 0x22 0x65 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
    Reg HKLM\SYSTEM\ControlSet009\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0x99 0xB5 0x1B ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
    Reg HKLM\SYSTEM\ControlSet010\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x87 0x98 0x83 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...

    ---- EOF - GMER 1.0.15 ----

    MBR Check
     
  6. Broni

    Ooops, sorry for MBRCheck :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  7. rjmontalvo

    LOL I totally didn't notice that the program put the log on my desktop. Here it is ;P

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Gateway
    System Manufacturer: Gateway
    System Product Name: M-6888u
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 153):
    0x02615000 \SystemRoot\system32\ntoskrnl.exe
    0x02B2D000 \SystemRoot\system32\hal.dll
    0x0060E000 \SystemRoot\system32\kdcom.dll
    0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00645000 \SystemRoot\system32\PSHED.dll
    0x00659000 \SystemRoot\system32\CLFS.SYS
    0x006B6000 \SystemRoot\system32\CI.dll
    0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DC000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A07000 \SystemRoot\System32\Drivers\spqg.sys
    0x00B2D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B36000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B64000 \SystemRoot\system32\drivers\acpi.sys
    0x00BBA000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BC4000 \SystemRoot\system32\drivers\pci.sys
    0x008EA000 \SystemRoot\System32\drivers\partmgr.sys
    0x00BF4000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x008FF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x0090B000 \SystemRoot\system32\drivers\volmgr.sys
    0x0091F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00BF8000 \SystemRoot\system32\drivers\intelide.sys
    0x00985000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00995000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00C0E000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x00D12000 \SystemRoot\system32\drivers\atapi.sys
    0x00D1A000 \SystemRoot\system32\drivers\ataport.SYS
    0x00D3E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00D84000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00768000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
    0x00D98000 \SystemRoot\system32\drivers\msrpc.sys
    0x009A8000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01002000 \SystemRoot\System32\drivers\tcpip.sys
    0x01176000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D8000 \SystemRoot\System32\Drivers\mup.sys
    0x011A2000 \SystemRoot\System32\drivers\ecache.sys
    0x013EA000 \SystemRoot\system32\drivers\disk.sys
    0x011CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00FD2000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02309000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02315000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x0231E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02331000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x02604000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x02408000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x024E7000 \SystemRoot\System32\drivers\watchdog.sys
    0x024F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02509000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02515000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x0255B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x0256C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x02C0F000 \SystemRoot\system32\DRIVERS\NETw4v64.sys
    0x02F26000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02F3C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02F4A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x02F99000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x02F9B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02FA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02FC3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x02595000 \SystemRoot\System32\Drivers\a0th9a8e.SYS
    0x02B50000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02B88000 \SystemRoot\system32\DRIVERS\storport.sys
    0x02FD0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02FDD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02336000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x025DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02367000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02BE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x025EA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C0C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02385000 \SystemRoot\system32\DRIVERS\ks.sys
    0x023B9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x023C4000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03208000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0324F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03263000 \SystemRoot\system32\drivers\HdAudio.sys
    0x032AC000 \SystemRoot\system32\drivers\portcls.sys
    0x032E7000 \SystemRoot\system32\drivers\drmk.sys
    0x0330A000 \SystemRoot\system32\drivers\ksthunk.sys
    0x03310000 \SystemRoot\system32\drivers\stwrt64.sys
    0x03374000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
    0x04E08000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
    0x04C0C000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
    0x04CD4000 \SystemRoot\system32\drivers\modem.sys
    0x04CE3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04CFF000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x04D29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x04D33000 \SystemRoot\System32\Drivers\Null.SYS
    0x04D46000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04D4E000 \SystemRoot\System32\drivers\vga.sys
    0x04D5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04D81000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04D8A000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x04D93000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04D9E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04DAF000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x04DB8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04DD5000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x04DE5000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04F82000 \SystemRoot\system32\drivers\afd.sys
    0x04C00000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x0500D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x05051000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0506F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x0507E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x05099000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x050E7000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x050F3000 \SystemRoot\System32\Drivers\dfsc.sys
    0x05110000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x05133000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05141000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x05155000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0515E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05170000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0517A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x000F0000 \SystemRoot\System32\win32k.sys
    0x05185000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05191000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00420000 \SystemRoot\System32\TSDDD.dll
    0x00660000 \SystemRoot\System32\cdd.dll
    0x051A4000 \SystemRoot\system32\drivers\luafv.sys
    0x051C6000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x05000000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x06C0E000 \SystemRoot\system32\drivers\spsys.sys
    0x06CA8000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x06CBC000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06CF0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x06CFB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06D13000 \SystemRoot\system32\drivers\HTTP.sys
    0x06DB2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06DDB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x033C8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x023D4000 \SystemRoot\system32\drivers\mrxdav.sys
    0x07408000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07431000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0747A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07499000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x074CB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07579000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x07C06000 \SystemRoot\system32\drivers\peauth.sys
    0x07CBC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07CC7000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07CD6000 \SystemRoot\system32\DRIVERS\xaudio64.sys
    0x07CDE000 \SystemRoot\system32\drivers\tdtcp.sys
    0x07CEB000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x07CF9000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x07D35000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x775A0000 \Windows\System32\ntdll.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    568 csrss.exe
    620 C:\Windows\System32\wininit.exe
    640 csrss.exe
    676 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    700 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    868 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    388 C:\Windows\System32\Ati2evxx.exe
    520 C:\Windows\System32\svchost.exe
    12 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\audiodg.exe
    1100 C:\Windows\System32\SLsvc.exe
    1132 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\Ati2evxx.exe
    1308 C:\Windows\System32\svchost.exe
    1440 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1740 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    1956 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1992 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2012 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    940 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    2004 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2120 C:\Windows\System32\svchost.exe
    2136 C:\Windows\System32\Locator.exe
    2188 C:\Program Files (x86)\IDT\WDM\stacsv64.exe
    2524 C:\Windows\System32\taskeng.exe
    2536 C:\Windows\System32\dwm.exe
    2608 C:\Windows\explorer.exe
    2648 C:\Windows\System32\taskeng.exe
    2868 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2876 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2904 C:\Windows\sttray64.exe
    2956 C:\Windows\ehome\ehtray.exe
    3036 C:\Windows\System32\svchost.exe
    2060 C:\Windows\System32\svchost.exe
    2564 C:\Windows\System32\SearchIndexer.exe
    2716 C:\Windows\System32\drivers\XAudio64.exe
    3084 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3124 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3180 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3188 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3196 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3272 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3284 C:\Windows\ehome\ehmsas.exe
    3524 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3908 C:\Program Files\iPod\bin\iPodService.exe
    3900 C:\Windows\System32\wbem\unsecapp.exe
    2840 WmiPrvSE.exe
    4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3504 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    3340 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    2720 C:\Program Files\Windows Media Player\wmpnscfg.exe
    340 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    2348 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    4460 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    2456 C:\Windows\System32\SearchProtocolHost.exe
    1212 C:\Windows\System32\SearchFilterHost.exe
    4316 dllhost.exe
    2224 dllhost.exe
    2312 C:\Users\Rich\Downloads\MBRCheck (1).exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000032`ab200000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 16320FCDEEF27AEA4D198A0877B9A7EECB751892


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
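The "Unknown MBR code" line above is MBRCheck's way of saying the SHA1 of the boot sector's code did not match any standard MBR code it knows, which is why Broni treats the MBR as suspect. The Python below is an added example, not code from this thread or from MBRCheck: it parses a constructed 512-byte MBR, hashes the 440-byte boot-code region, checks the 0x55AA signature and lists partition offsets in the same back-tick notation MBRCheck prints. The allowlist KNOWN_GOOD_SHA1 is an empty placeholder, the sample sector is constructed, and hashing only the boot-code region is this example's design choice (the thread does not document exactly what MBRCheck feeds into its SHA1).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
SIG_OFF = 510           # bytes 510..511 must be 0x55 0xAA

# Placeholder allowlist: SHA1 of boot code -> label. A real checker would carry the
# hashes of standard MBR code here; this one is deliberately empty, so every input
# reports "Unknown MBR code" unless the caller passes its own list.
KNOWN_GOOD_SHA1 = {}


def boot_code_sha1(mbr):
    """SHA1 over the boot-code region only (design choice of this example: the
    partition table differs per disk, the code should not)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def format_offset(byte_offset):
    """Render a 64-bit byte offset as 0xHHHHHHHH`HHHHHHHH, the style MBRCheck prints."""
    return "0x{:08x}`{:08x}".format(byte_offset >> 32, byte_offset & 0xFFFFFFFF)


def parse_partition_table(mbr):
    """Decode the four MBR partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "offset": lba * SECTOR_SIZE,   # byte offset of the volume on the disk
        })
    return parts


def check_mbr(mbr, known_good=KNOWN_GOOD_SHA1):
    """Return the checks a defender wants from a raw MBR: code hash, allowlist
    verdict, boot-signature validity and the partition layout."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector, got %d bytes" % len(mbr))
    sha1 = boot_code_sha1(mbr)
    sig_ok = mbr[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa"
    if sha1 in known_good:
        status = "Known MBR code: " + known_good[sha1]
    else:
        status = "Unknown MBR code"
    return {"sha1": sha1, "signature_ok": sig_ok, "status": status,
            "partitions": parse_partition_table(mbr)}


def build_sample_mbr():
    """Constructed sector (not a real disk image): a stub of boot code, a disk
    signature, two NTFS entries placed at the byte offsets the MBRCheck log in this
    thread shows for C: and F:, and a valid 0x55AA signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\xde\xad\xbe\xef" + b"\x00\x00"

    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype,
                           b"\x00\x00\x00", lba, count)

    table = (entry(0x80, 0x07, 0x340100000 // SECTOR_SIZE, 0x1E000000)   # C:
             + entry(0x00, 0x07, 0x32AB200000 // SECTOR_SIZE, 0x02000000)  # F:
             + b"\x00" * (2 * PART_ENTRY_LEN))                            # empty slots
    return boot_code + disk_sig + table + b"\x55\xaa"


SAMPLE_MBR = build_sample_mbr()

if __name__ == "__main__":
    report = check_mbr(SAMPLE_MBR)
    print("Boot signature OK:", report["signature_ok"])
    print("SHA1:", report["sha1"])
    print("MBR status:", report["status"])
    for p in report["partitions"]:
        print("  entry %d type 0x%02x bootable=%s at offset %s"
              % (p["index"], p["type"], p["bootable"], format_offset(p["offset"])))
```

On a live system the 512 bytes would come from reading sector 0 of the physical drive with administrative rights; the verdict only becomes meaningful once the allowlist is populated with hashes of the MBR code you expect on that machine.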
  8. Broni

    It looks like we have a problem with your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  9. rjmontalvo

    Post NTBR Boot CD Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Gateway
    System Manufacturer: Gateway
    System Product Name: M-6888u
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 153):
    0x0260B000 \SystemRoot\system32\ntoskrnl.exe
    0x02B23000 \SystemRoot\system32\hal.dll
    0x0060B000 \SystemRoot\system32\kdcom.dll
    0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00642000 \SystemRoot\system32\PSHED.dll
    0x00656000 \SystemRoot\system32\CLFS.SYS
    0x006B3000 \SystemRoot\system32\CI.dll
    0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A0E000 \SystemRoot\System32\Drivers\splz.sys
    0x00B34000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B3D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B6B000 \SystemRoot\system32\drivers\acpi.sys
    0x00BC1000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BCB000 \SystemRoot\system32\drivers\pci.sys
    0x008F4000 \SystemRoot\System32\drivers\partmgr.sys
    0x00BFB000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00A00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00909000 \SystemRoot\system32\drivers\volmgr.sys
    0x0091D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00983000 \SystemRoot\system32\drivers\intelide.sys
    0x0098B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x0099B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00C0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x00D0E000 \SystemRoot\system32\drivers\atapi.sys
    0x00D16000 \SystemRoot\system32\drivers\ataport.SYS
    0x00D3A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00D80000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00765000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E00000 \SystemRoot\system32\drivers\ndis.sys
    0x00D94000 \SystemRoot\system32\drivers\msrpc.sys
    0x01000000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01058000 \SystemRoot\System32\drivers\tcpip.sys
    0x011CC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D8000 \SystemRoot\System32\Drivers\mup.sys
    0x00FC3000 \SystemRoot\System32\drivers\ecache.sys
    0x013EA000 \SystemRoot\system32\drivers\disk.sys
    0x009AE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00FEF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x0230C000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02318000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02321000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02334000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0260C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x02C05000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02CE4000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CF3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02D06000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02D12000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02D58000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02D69000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x02E07000 \SystemRoot\system32\DRIVERS\NETw4v64.sys
    0x0311E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03134000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03142000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x03191000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03193000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0319F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x031BB000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x02D92000 \SystemRoot\System32\Drivers\acarrct0.SYS
    0x031C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02B58000 \SystemRoot\system32\DRIVERS\storport.sys
    0x02DD7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02BB5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02DE4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02339000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02DF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02BD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0236A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02382000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02394000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x023C8000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03207000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0324E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03262000 \SystemRoot\system32\drivers\HdAudio.sys
    0x032AB000 \SystemRoot\system32\drivers\portcls.sys
    0x032E6000 \SystemRoot\system32\drivers\drmk.sys
    0x03309000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0330F000 \SystemRoot\system32\drivers\stwrt64.sys
    0x03373000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
    0x04C06000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
    0x04E04000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
    0x04ECC000 \SystemRoot\system32\drivers\modem.sys
    0x04EDB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x04EE5000 \SystemRoot\System32\Drivers\Null.SYS
    0x04EF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04F00000 \SystemRoot\System32\drivers\vga.sys
    0x04F0E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04F33000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04F3C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x04F45000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04F50000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04F61000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x04F6A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04F87000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x04F97000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04D80000 \SystemRoot\system32\drivers\afd.sys
    0x04FB2000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x04FBC000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x033C7000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04DED000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x033E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04A07000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04A55000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04A61000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04A7E000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x04AA1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04ABD000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x04AE7000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04AF5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x023D8000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x04EEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x023EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02BF6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x02200000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x00000000 \SystemRoot\System32\win32k.sys
    0x0220B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x02217000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00610000 \SystemRoot\System32\cdd.dll
    0x0222A000 \SystemRoot\system32\drivers\luafv.sys
    0x0224C000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x02286000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x06C06000 \SystemRoot\system32\drivers\spsys.sys
    0x06CA0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x06CB4000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06CE8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x06CF3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06D0B000 \SystemRoot\system32\drivers\HTTP.sys
    0x06DAA000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06DD3000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0228F000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x022A9000 \SystemRoot\system32\drivers\mrxdav.sys
    0x022D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0720A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07253000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07272000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x072A4000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07352000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x07A0F000 \SystemRoot\system32\drivers\peauth.sys
    0x07AC5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07AD0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07ADF000 \SystemRoot\system32\DRIVERS\xaudio64.sys
    0x07AE7000 \SystemRoot\system32\drivers\tdtcp.sys
    0x07AF4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x07B02000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x07B3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x772B0000 \Windows\System32\ntdll.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    492 C:\Windows\System32\smss.exe
    568 csrss.exe
    620 C:\Windows\System32\wininit.exe
    640 csrss.exe
    676 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    884 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    508 C:\Windows\System32\Ati2evxx.exe
    524 C:\Windows\System32\svchost.exe
    572 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\audiodg.exe
    1100 C:\Windows\System32\SLsvc.exe
    1128 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\Ati2evxx.exe
    1436 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1728 C:\Windows\System32\spoolsv.exe
    1752 C:\Windows\System32\svchost.exe
    1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1972 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1996 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2032 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    1788 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2084 C:\Windows\System32\svchost.exe
    2108 C:\Windows\System32\Locator.exe
    2136 C:\Program Files (x86)\IDT\WDM\stacsv64.exe
    2240 C:\Windows\System32\svchost.exe
    2276 C:\Windows\System32\svchost.exe
    2304 C:\Windows\System32\SearchIndexer.exe
    2348 C:\Windows\System32\drivers\XAudio64.exe
    2784 C:\Windows\System32\dwm.exe
    2824 C:\Windows\explorer.exe
    2928 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2940 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2960 C:\Windows\sttray64.exe
    3048 C:\Windows\ehome\ehtray.exe
    3064 C:\Program Files (x86)\Steam\Steam.exe
    880 C:\Windows\ehome\ehmsas.exe
    1532 C:\Windows\System32\taskeng.exe
    1008 C:\Windows\System32\taskeng.exe
    2124 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3128 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3184 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    3376 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3424 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3440 WmiPrvSE.exe
    3516 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3572 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3596 C:\Windows\System32\mobsync.exe
    3920 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4052 C:\Program Files\iPod\bin\iPodService.exe
    3472 C:\Windows\System32\wbem\unsecapp.exe
    3420 WmiPrvSE.exe
    3956 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    3952 C:\Windows\System32\SearchProtocolHost.exe
    1036 C:\Windows\System32\SearchFilterHost.exe
    3492 dllhost.exe
    2508 dllhost.exe
    4072 C:\Users\Rich\Downloads\MBRCheck (1).exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000032`ab200000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good :)

    See if this will run...

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  11. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    The laptop shut off twice while almost done with the scan; it seemed like it was overheating. Then it refuses to go more than a few minutes without doing the same. Going to leave it for a bit and come back to it tomorrow.

    Didn't want to seem like I fixed it and left you. Thanks for the help thus far.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    If the laptop is overheating, leaving it off for a while won't solve the overheating issue.
    I suggest you buy a can of compressed air and clean all vents well.
    IF it's an overheating problem, avoid using the laptop until the issue is solved, or it can cause permanent CPU damage.
     
  13. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    Thanks for the heads-up; did a good air-can clean-up and it seems OK. Here's the log:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/11/2010 at 06:12 PM

    Application Version : 4.45.1000

    Core Rules Database Version : 5843
    Trace Rules Database Version: 3655

    Scan type : Complete Scan
    Total Scan Time : 01:07:14

    Memory items scanned : 255
    Memory threats detected : 0
    Registry items scanned : 11500
    Registry threats detected : 0
    File items scanned : 141040
    File threats detected : 2

    Rogue.Agent/Gen-Nullo[DLL]
    C:\WINDOWS\SYSTEM32\DDRAWEX.DLL
    C:\WINDOWS\SYSTEM32\NAPIPSEC.DLL
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)

    How is the computer doing overall?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    The OTL log is too big for one post; here's the first section:

    OTL logfile created on: 11/11/2010 6:47:16 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rich\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 189.67 Gb Total Space | 63.89 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive F: | 95.42 Gb Total Space | 75.01 Gb Free Space | 78.61% Space Free | Partition Type: NTFS

    Computer Name: LAPPY | User Name: Rich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/17 08:25:41 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2008/07/16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/01/09 08:58:26 | 000,830,464 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2007/01/29 08:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2010/11/10 19:01:26 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/10/17 08:25:41 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/07/26 20:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV - [2007/01/19 15:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/10/19 22:12:49 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/09/07 09:47:33 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/25 03:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/09 11:44:54 | 004,168,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/01/03 19:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2007/10/30 21:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
    DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2007/07/26 20:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2007/01/29 08:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2006/12/21 08:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2006/12/21 08:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2006/12/21 08:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/11/17 01:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2008/07/16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/01 16:32:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/01 16:32:48 | 000,000,000 | ---D | M]

    [2010/10/18 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Extensions
    [2010/11/08 18:42:45 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions
    [2010/10/24 21:37:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/19 17:57:14 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions\seotoolbar@seobook.com
    [2010/10/18 16:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.77.134 68.87.72.134
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Rich\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rich\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\Shell\AutoRun\command - "" = G:\wdsync.exe -- File not found
    O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell - "" = AutoRun
    O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/11 18:45:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    [2010/11/10 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/10 20:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/10 20:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/10 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/10 20:33:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\NTBR_CD
    [2010/11/09 23:57:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2010/11/09 23:56:58 | 000,000,000 | ---D | C] -- C:\63f0913c402f0067fff127f1
    [2010/11/09 23:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/09 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
    [2010/11/09 21:32:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/09 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/09 21:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/08 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\The KMPlayer
    [2010/11/08 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
    [2010/11/07 20:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/11/07 20:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2010/11/07 20:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/11/07 19:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Disk Cleaner
    [2010/11/07 19:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
    [2010/11/07 11:02:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\PeerNetworking
    [2010/11/07 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
    [2010/11/06 15:44:43 | 000,000,000 | -HSD | C] -- C:\found.000
    [2010/11/06 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
    [2010/10/28 22:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/10/27 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\All-in-One Submission 8.88
    [2010/10/27 17:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-in-One Submission 8.0
    [2010/10/27 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\All-in-One Submission 9.088.8
    [2010/10/26 16:51:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\OpenOffice.org
    [2010/10/24 10:31:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Adobe
    [2010/10/22 22:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
    [2010/10/21 18:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pismo File Mount Audit Package
    [2010/10/21 18:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\KernSafe
    [2010/10/21 18:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-in-One Submission 9.0
    [2010/10/19 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2010/10/19 22:12:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\DAEMON Tools Lite
    [2010/10/19 22:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010/10/19 20:12:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/10/18 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\LolClient
    [2010/10/18 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Mozilla
    [2010/10/18 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Mozilla
    [2010/10/18 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/10/17 20:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2010/10/17 20:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2010/10/17 19:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
    [2010/10/17 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2010/10/17 19:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/17 18:54:21 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2010/10/17 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\PMB Files
    [2010/10/17 18:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2010/10/17 18:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
    [2010/10/17 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\My Google Gadgets
    [2010/10/17 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Apple Computer
    [2010/10/17 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple Computer
    [2010/10/17 08:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/10/17 08:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/10/17 08:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/10/17 08:07:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple
    [2010/10/17 08:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/10/17 08:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/10/17 08:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/17 08:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/10/17 08:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010/10/17 08:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010/10/17 06:40:00 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Rich
    [2010/10/17 01:35:11 | 000,425,984 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
    [2010/10/17 01:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
    [2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es-MX
    [2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-MX
    [2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es-AR
    [2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-AR
    [2010/10/17 01:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2010/10/17 01:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2010/10/17 01:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/10/17 01:25:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/10/17 01:23:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/10/17 00:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rich\Games
    [2010/10/16 23:44:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
    [2010/10/16 23:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/10/16 23:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/10/16 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Macromedia
    [2010/10/16 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Adobe
    [2010/10/16 23:11:05 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Google
    [2010/10/16 22:49:16 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys
    [2010/10/16 22:49:16 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys
    [2010/10/16 22:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\GATEWAY
    [2010/10/16 22:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\ATI
    [2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\ATI
    [2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/10/16 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Symantec
    [2010/10/16 22:45:37 | 000,000,000 | R--D | C] -- C:\Users\Rich\Searches
    [2010/10/16 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Identities
    [2010/10/16 22:45:27 | 000,000,000 | R--D | C] -- C:\Users\Rich\Contacts
    [2010/10/16 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\VirtualStore
    [2010/10/16 22:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
    [2010/10/16 22:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
    [2010/10/16 22:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2010/10/16 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2010/10/16 22:43:14 | 000,000,000 | --SD | C] -- C:\Users\Rich\AppData\Roaming\Microsoft
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Videos
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Saved Games
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Pictures
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Music
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Links
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Favorites
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Downloads
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Documents
    [2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Desktop
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Temporary Internet Files
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Templates
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Start Menu
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\SendTo
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Recent
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\PrintHood
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\NetHood
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Videos
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Pictures
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Music
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\My Documents
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Local Settings
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\History
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Cookies
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Application Data
    [2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Application Data
    [2010/10/16 22:43:14 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData
    [2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Temp
    [2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Microsoft
    [2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Media Center Programs
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2010/10/16 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
    [2010/10/16 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2010/10/16 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2010/10/16 22:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2010/10/16 22:02:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\uTorrent
    [2010/10/16 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\DivX
    [2010/10/16 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2010/10/16 22:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/10/16 21:58:19 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/10/16 21:58:19 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/10/16 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/10/16 21:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/10/16 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/16 21:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

    ========== Files - Modified Within 30 Days ==========
     
  16. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    Extras.txt:


    OTL Extras logfile created on: 11/11/2010 6:47:16 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rich\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 189.67 Gb Total Space | 63.89 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive F: | 95.42 Gb Total Space | 75.01 Gb Free Space | 78.61% Space Free | Partition Type: NTFS

    Computer Name: LAPPY | User Name: Rich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" ()
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0ACF8820-AF4F-476F-92A5-157C5DF63175}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0C62328E-FD96-40C0-AD1D-089252BB6893}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0F660956-9983-4042-9909-C4079F9298B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{10ABDF92-FF57-421F-A1A0-A5F111C7C2CC}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{1716921E-777C-4672-94F7-BF8D7499527D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1F686ADF-BF38-424E-953A-940268F858D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{299B16F0-FD3F-4A90-98ED-47BD75252045}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2D04C7FE-5B9F-4FBF-B69D-B48422E1D461}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3039ABEF-7DF0-4C10-BA97-5EC586C0B37C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3342C912-2999-471B-94A5-1B5A546AC5CE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{35E2EE2E-FB2C-4D81-A777-F9D388195324}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{35FA5CA9-4AAC-4369-BCFB-71F7AE6574E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{380E02C6-FCAA-48A6-91EF-B615C931B22B}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3F8317D7-6DEC-479D-9CB6-4955EE660E1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{578A78EF-21D1-4773-B432-D4014AE43D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5A205909-00AA-4850-B847-21F2DA8AEBEA}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
    "{5B328C01-948D-42D5-A580-DEE80057FED4}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{5ECA3FE0-CB51-406B-B6B4-14BFAF90C8BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{663B95E5-9D38-4BDA-9811-8AAD2A1224DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{672DC7A3-DA7E-4031-BFBA-1C90E97E0A89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{67C90BC9-D27A-4EB1-9F11-18D8151D63CE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6B3AD33C-C8B8-48E6-B4BC-BD04086D01E4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7184FCCB-F9F8-4DEB-B5C8-295B06A7A12F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{780E7CBA-3601-4498-A644-C496334C724B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{81DE3A6B-AD6A-4945-8970-403D01112816}" = rport=445 | protocol=6 | dir=out | app=system |
    "{84BED730-B0DA-4C20-BBAF-98B5C9260EA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{88DEC4FD-2214-4CE5-81B0-994093C49C04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8DFB53B7-D2F0-4DF6-BC0A-8B1A6E2B6136}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8E9D298A-37E9-4A8B-BAFF-A4A6A5B33635}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
    "{8FD1DA27-C1F5-4D98-861A-450B4503478B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{96069BD6-1A01-4BF1-8233-167D8C0F4C63}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{A33D7CC6-3B54-4883-9763-4FC3B17D5866}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{A5CEDB33-206F-4A4A-A944-D84F68063FE2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{ACB78BCE-E84C-479F-AC3A-F079E09A520C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B7B66F05-9538-4642-9085-522DF3D66745}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
    "{C16620F6-B172-47B4-88D6-DDBC85AD467B}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
    "{C7A04B63-F2DE-4825-A53D-F7443FEBFEC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC3766D6-2FEA-4ACA-AB13-6DF175A9F5B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D41132F9-BCCE-4340-B104-49EEBBB92C28}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D622E90F-0933-465B-BC28-9C72139F0F15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D8367F76-F1AF-4D3B-BBF2-EE6181F9E833}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EE586195-71BE-4744-A0D6-B0B121431EE2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{F0E0E5D4-9A0D-44C0-9813-B7274C76D0A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F4346086-5479-4A6E-8F14-7D08F0044573}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F79EF5E0-07A5-45D6-8ABD-873393EAAF63}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{F8214975-6638-4B6C-98DD-F6825A8E4191}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{FD61B718-0B52-4192-B30C-B77C0F12042D}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00DC0B52-5A56-4EEE-9670-B1810E7AB0EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{05548E06-FFAF-45B7-BF01-46A1A4969BDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{09F109BA-EBB5-4B00-8A4C-2A73254AF33C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{150408AC-6193-4A9D-97A6-22BE2BF71140}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{15F64D16-FE86-41CB-8C83-CD55310A2F67}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{16072775-CDD1-417D-9FB3-72B316174FBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{177E8C87-5003-4A50-8E44-8DE4F39BDC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{178D5A19-D3D8-433E-A45D-7E323B42120F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{29EDFB8B-36C5-4A95-8987-D1DD6F0B5CB1}" = protocol=6 | dir=out | app=system |
    "{2BCC85A8-107F-4195-B914-0153BACEB590}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{2CFCB24E-CD6C-4AD4-BF69-9B1535DDD9FB}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{2D4C5015-7F4C-4FBB-9561-9650751C1804}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{32313330-4147-46FB-8FC7-41BBEA4FBDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3EDAA361-981F-427F-A8C4-4CC6160414C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{42530451-6FAF-4F94-8468-B3DE22F1D0E3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{42C303BE-A595-422E-86E7-B7FD5DCE959A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{42EB8B50-A952-4079-8480-4491AA4F1B97}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{46687D51-3326-41BD-B4D9-D6513FFE707F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{4D320262-6550-4456-BC11-FF3FB57B654F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{524F73B5-C2EC-44EF-9A1D-ADC6CC823964}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |
    "{53A45FE4-FE9E-4556-8AD1-AB0CEF3A892A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{62E04200-BE0A-4B7F-BAF8-00B9EDF2D7E3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{64C80C53-3E27-4E3F-98DE-F4426B3146AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{69966BFE-013C-4333-948C-73965CA726ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6E1C63DB-0F20-4308-823A-7B6037B3FD2C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{72C7BA79-B483-4C72-8266-55B428EC2A4C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{78D7609C-D0D1-42FA-B555-CA1ED77B0663}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{80EDABC2-068E-4B1E-83B5-AB6498905AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{83117609-0C01-40B7-8511-07E31A5DB822}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8E6A1ABC-4CD4-456B-8AF0-2C43211D1D71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{90B5F76D-F15C-4AB9-8C92-EC0AF7380BBA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{95D92EE3-CDA5-4E6A-8AA2-16C057F7F642}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{9AEFF480-C3AC-4E1C-91BA-F3043D7FF6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9B402E82-BEA6-40A4-AE52-4484B3102664}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{A090019D-DB4C-44A5-A5C9-0C098FF9CD80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A16FC2B5-9E97-4096-9459-3BFA0E08856B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A2C67DE6-F8C7-4BFE-8875-67FEBF870EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{A508627D-C152-40E2-A5B2-BE94EAD4941D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{ADE62309-0D00-49E9-AD74-C765F8BA3E73}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AE3B2A38-29EF-4F18-92EE-5B1863F1535E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B6B911C1-499A-42F4-AE36-6E63B6811193}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BB02B24F-2C9E-4109-8FA8-5C284433BEF7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{BD52FDFA-4355-4048-8DDE-4A6D5DB1444E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{C1E7B4DC-6DAA-4197-86AD-2402F7B77FC3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C5ABA733-6162-4D23-BCFE-93E1C13743E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{D4306AC8-3962-4E36-9836-04E4200CE382}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{D45AD202-2554-4AB7-A82E-CA2F651CB163}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4B06294-732B-4131-BDB0-930092974D77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{DC9E6640-A5BF-4ACA-8BA6-6316F1FDE6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |
    "{DEC3D8C3-8AB4-4F78-AD5F-B72F2F47E17D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DF2630BF-6ACD-4576-916E-B800EE18C53B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{E088300B-D131-44BD-864B-1E1D1D690948}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{E82C1A43-2FF4-4D51-9C98-D0B50AA4999F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EC1C1E65-8F24-46FD-AB84-B3CCDB4FAC5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EC2AF791-150C-4FBC-9986-0FF819996F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F14DC130-4983-47A3-AAF6-267162B54B33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{F251DF85-DAA8-4330-AF04-E7466D904A4B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{FCE85782-4A57-46EA-AF3D-B66C9E6921DC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "TCP Query User{5660A6A4-6AC2-46DC-8CA8-22C7560EBFC7}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "UDP Query User{98A669FD-74C0-42C0-AC6A-2A1A6B070293}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{A7BA97DD-1072-D308-572D-07FE97251A5F}" = ATI Catalyst Install Manager
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7F364C7-D626-85EE-D162-2D4F98B6435C}" = ccc-utility64
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
    "{0FBF1ACF-D04A-D6E7-D8BC-0FA4B2240ADD}" = Catalyst Control Center Localization Chinese Standard
    "{12D64CE1-EC3C-5F31-10C1-59E1C75118D0}" = Skins
    "{1C26E2F5-1BD2-A98C-B884-371A14CADA68}" = Catalyst Control Center Core Implementation
    "{1C357AB8-42FB-8C16-D85C-182113227C3B}" = CCC Help Japanese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{240FE07E-2A08-DADA-F347-F285E89728FC}" = CCC Help French
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3F7948F2-1DD2-1F76-756C-892D2BB6EC60}" = Catalyst Control Center Localization Italian
    "{40196CDF-14BB-3513-0992-2CC5FF1A10C9}" = Catalyst Control Center Graphics Full Existing
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{480065EF-6F1D-D076-5B7B-0583B7368F0D}" = Catalyst Control Center Localization German
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{62D62257-AFE9-1B5A-1E2E-B2D3C362F2BF}" = CCC Help Spanish
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6C4BA523-0741-A046-6FB5-3E2AD1B04D63}" = CCC Help German
    "{6E0C614F-C661-5927-7A2A-C8C1460AF978}" = Catalyst Control Center Graphics Previews Common
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F15E73A-DB15-A9CA-CDCD-C8779F43D4A9}" = Catalyst Control Center Graphics Light
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95EA8E8F-E947-9811-31F0-923F0BAB543B}" = Catalyst Control Center Localization Portuguese
    "{97ABE6F8-CB59-EA31-DA82-F2E67C84E9DD}" = CCC Help English
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AE7ACE9F-C729-8CB0-F117-BAC5462C67AF}" = ccc-core-static
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5C8ABD5-7AA8-181F-18AC-B7551D65325E}" = Catalyst Control Center Localization French
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CBAAFFD7-1BC7-EBBD-9ACC-F615E2CB3A9D}" = CCC Help Portuguese
    "{D2998E9F-DDCB-71F0-887B-BD4D6709EB1B}" = Catalyst Control Center Graphics Full New
    "{DABDC72A-7C98-502A-1649-7B81AE79085C}" = CCC Help Chinese Standard
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = All-in-One Submission 8.88
    "{DFA89221-6DFA-9DA7-0F83-ECF5121F6877}" = Catalyst Control Center Localization Japanese
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E671920A-7534-D05E-F33C-3D566EAA1F93}" = Catalyst Control Center Localization Spanish
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E79E2417-00F8-9EDE-60C7-D6887F42BD85}" = Catalyst Control Center Graphics Previews Vista
    "{FFC2B2AE-5695-ABA9-D0BF-185573515CFF}" = CCC Help Italian
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dungeon Keeper II" = Dungeon Keeper 2
    "Google Desktop" = Google Desktop
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Steam App 3480" = Peggle Deluxe
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 440" = Team Fortress 2
    "The KMPlayer" = The KMPlayer (remove only)
    "uTorrent" = µTorrent
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/6/2010 8:41:18 PM | Computer Name = Lappy | Source = Application Error | ID = 1000
    Description = Faulting application soffice.bin, version 3.2.9498.500, time stamp
    0x4bf4c207, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783,
    exception code 0xc000012f, fault offset 0x0006ecfb, process id 0x880, application
    start time 0x01cb7e146e660965.

    Error - 11/6/2010 8:43:35 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description =

    Error - 11/6/2010 8:43:35 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description =

    Error - 11/6/2010 8:43:42 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description =

    Error - 11/6/2010 8:43:42 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description =

    Error - 11/6/2010 8:49:19 PM | Computer Name = Lappy | Source = EventSystem | ID = 4621
    Description =

    [ Media Center Events ]
    Error - 11/5/2010 10:30:29 AM | Computer Name = Lappy | Source = Mcx2Prov | ID = 507
    Description =

    Error - 11/5/2010 10:30:29 AM | Computer Name = Lappy | Source = Mcx2Dvcs | ID = 405
    Description =

    [ System Events ]
    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:13:43 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/19/2010 11:20:37 PM | Computer Name = Lappy | Source = HTTP | ID = 15016
    Description =

    Error - 10/19/2010 11:21:11 PM | Computer Name = Lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/19/2010 11:27:51 PM | Computer Name = Lappy | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom2, has a bad block.


    < End of report >
     
  17. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

For some reason the second section of OTL.txt did not post:


    [2010/11/11 18:51:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000UA.job
    [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    [2010/11/11 18:24:37 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/11 18:24:37 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/11 18:24:37 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/11 18:18:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2010/11/11 18:18:53 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/11 18:18:53 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/11 18:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/11 18:18:40 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 20:56:05 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 20:32:03 | 002,565,432 | ---- | M] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
    [2010/11/10 18:15:21 | 000,089,088 | ---- | M] () -- C:\mbr.exe
    [2010/11/10 00:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000Core.job
    [2010/11/09 23:37:43 | 000,061,034 | ---- | M] () -- C:\Users\Rich\Documents\cc_20101109_233731.reg
    [2010/11/08 22:15:29 | 000,000,836 | ---- | M] () -- C:\Users\Rich\Desktop\KMPlayer.lnk
    [2010/11/07 20:39:34 | 002,255,006 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2010/11/07 18:01:52 | 000,424,717 | ---- | M] () -- C:\Users\Rich\Documents\firefox bookmarks.html
    [2010/11/07 18:01:00 | 000,396,292 | ---- | M] () -- C:\Users\Rich\Documents\chrome bookmarks.html
    [2010/11/07 11:02:05 | 000,029,216 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\UserTile.png
    [2010/11/06 18:16:02 | 000,081,920 | ---- | M] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/06 15:38:39 | 000,000,000 | ---- | M] () -- C:\Windows\iPlayer.INI
    [2010/11/06 14:58:43 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/10/29 21:31:18 | 016,639,523 | ---- | M] () -- C:\Users\Rich\B.o.B feat. Hayley Williams and Eminem- Airplanes.mp3
    [2010/10/29 16:54:52 | 000,172,227 | ---- | M] () -- C:\Users\Rich\Documents\wsdirect 10.29.csv
    [2010/10/29 16:26:14 | 000,162,836 | ---- | M] () -- C:\Users\Rich\Documents\wsblog submiossion 10.29.csv
    [2010/10/29 15:20:33 | 000,153,964 | ---- | M] () -- C:\Users\Rich\Documents\blog submission report 10.29.csv
    [2010/10/29 13:41:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88 Scheduler.lnk
    [2010/10/29 13:41:43 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88.lnk
    [2010/10/27 17:28:17 | 000,001,944 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\All-in-One Submission 9.088.8.lnk
    [2010/10/25 18:33:58 | 000,000,629 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Play League of Legends.lnk
    [2010/10/24 17:23:35 | 000,019,442 | ---- | M] () -- C:\Users\Rich\Documents\anniversary 2010.odt
    [2010/10/24 16:54:26 | 000,032,630 | ---- | M] () -- C:\Users\Rich\Documents\The Mechanic.odt
    [2010/10/24 12:38:29 | 000,001,032 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/10/21 18:26:11 | 000,001,699 | ---- | M] () -- C:\Users\Rich\Desktop\Notepad.lnk
    [2010/10/21 17:06:57 | 000,001,614 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
    [2010/10/21 07:22:58 | 000,319,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/19 22:12:49 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/10/18 21:03:22 | 000,001,804 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/10/18 21:03:09 | 000,000,905 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
    [2010/10/18 20:44:49 | 000,001,027 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
    [2010/10/18 16:54:12 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2010/10/18 16:53:01 | 000,001,804 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/17 06:37:23 | 000,000,970 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/10/17 01:37:38 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2010/10/17 01:34:05 | 000,000,741 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2010/10/17 01:31:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2010/10/16 23:49:46 | 000,002,001 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 23:24:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/10/16 22:52:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Gateway_M-6888u_N-A_N1C9641000346.MRK
    [2010/10/16 22:03:35 | 000,000,808 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/10/16 21:58:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

    ========== Files Created - No Company Name ==========

    [2010/11/11 18:18:40 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/10 20:56:05 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 20:32:05 | 002,565,432 | ---- | C] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
    [2010/11/10 18:15:43 | 000,089,088 | ---- | C] () -- C:\mbr.exe
    [2010/11/09 23:37:34 | 000,061,034 | ---- | C] () -- C:\Users\Rich\Documents\cc_20101109_233731.reg
    [2010/11/09 21:32:45 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/08 22:15:29 | 000,000,836 | ---- | C] () -- C:\Users\Rich\Desktop\KMPlayer.lnk
    [2010/11/07 21:11:41 | 000,270,720 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
    [2010/11/07 20:39:16 | 002,255,006 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2010/11/07 20:38:44 | 000,557,938 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI4A08.txt
    [2010/11/07 20:38:44 | 000,022,422 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI4A08.txt
    [2010/11/07 20:38:44 | 000,010,566 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI4A09.txt
    [2010/11/07 18:01:49 | 000,424,717 | ---- | C] () -- C:\Users\Rich\Documents\firefox bookmarks.html
    [2010/11/07 18:01:00 | 000,396,292 | ---- | C] () -- C:\Users\Rich\Documents\chrome bookmarks.html
    [2010/11/07 11:02:05 | 000,029,216 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\UserTile.png
    [2010/11/06 15:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
    [2010/11/06 14:58:43 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/10/29 21:30:43 | 016,639,523 | ---- | C] () -- C:\Users\Rich\B.o.B feat. Hayley Williams and Eminem- Airplanes.mp3
    [2010/10/29 16:54:52 | 000,172,227 | ---- | C] () -- C:\Users\Rich\Documents\wsdirect 10.29.csv
    [2010/10/29 16:26:14 | 000,162,836 | ---- | C] () -- C:\Users\Rich\Documents\wsblog submiossion 10.29.csv
    [2010/10/29 15:20:33 | 000,153,964 | ---- | C] () -- C:\Users\Rich\Documents\blog submission report 10.29.csv
    [2010/10/29 13:41:43 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88 Scheduler.lnk
    [2010/10/29 13:41:43 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88.lnk
    [2010/10/29 13:41:40 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\dbrename7.exe
    [2010/10/29 13:41:40 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\Recyfull7.ico
    [2010/10/27 17:28:17 | 000,001,944 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\All-in-One Submission 9.088.8.lnk
    [2010/10/26 16:58:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/10/26 16:58:55 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2010/10/25 18:33:58 | 000,000,629 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Play League of Legends.lnk
    [2010/10/24 17:23:33 | 000,019,442 | ---- | C] () -- C:\Users\Rich\Documents\anniversary 2010.odt
    [2010/10/24 12:40:43 | 000,032,630 | ---- | C] () -- C:\Users\Rich\Documents\The Mechanic.odt
    [2010/10/24 12:38:29 | 000,001,032 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/10/23 02:01:50 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
    [2010/10/23 02:01:38 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
    [2010/10/23 02:01:34 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
    [2010/10/23 02:01:34 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
    [2010/10/23 02:01:33 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
    [2010/10/23 02:01:13 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2010/10/22 16:43:18 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
    [2010/10/22 16:43:18 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
    [2010/10/22 16:43:17 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
    [2010/10/22 16:43:17 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
    [2010/10/22 16:43:17 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
    [2010/10/21 18:26:11 | 000,001,699 | ---- | C] () -- C:\Users\Rich\Desktop\Notepad.lnk
    [2010/10/21 17:06:57 | 000,001,614 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
    [2010/10/21 16:59:05 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
    [2010/10/21 16:58:40 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/10/21 16:58:40 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
    [2010/10/21 16:58:40 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/10/21 16:58:40 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
    [2010/10/21 16:58:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
    [2010/10/21 16:58:39 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
    [2010/10/21 16:58:33 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/10/21 07:03:19 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
    [2010/10/19 22:12:49 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/10/19 22:08:11 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
    [2010/10/19 22:07:59 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
    [2010/10/19 22:04:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
    [2010/10/19 22:03:56 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
    [2010/10/19 22:03:56 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
    [2010/10/19 21:58:44 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2010/10/19 21:58:44 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2010/10/19 21:58:40 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2010/10/19 21:58:39 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2010/10/19 21:58:39 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2010/10/19 17:31:22 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
    [2010/10/19 17:30:37 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
    [2010/10/19 17:30:33 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
    [2010/10/19 17:30:26 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
    [2010/10/19 17:30:26 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
    [2010/10/19 17:30:26 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
    [2010/10/19 17:30:26 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
    [2010/10/19 17:30:26 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
    [2010/10/19 17:30:26 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
    [2010/10/19 17:30:26 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
    [2010/10/19 17:30:25 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
    [2010/10/19 17:30:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
    [2010/10/19 17:29:49 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
    [2010/10/19 17:29:34 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
    [2010/10/19 17:29:33 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
    [2010/10/19 17:29:33 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
    [2010/10/19 17:29:29 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
    [2010/10/19 17:29:17 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
    [2010/10/19 17:28:48 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
    [2010/10/19 17:28:40 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
    [2010/10/19 17:28:36 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
    [2010/10/19 17:28:29 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
    [2010/10/19 17:28:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
    [2010/10/19 17:28:17 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
    [2010/10/19 17:28:16 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
    [2010/10/19 17:28:16 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
    [2010/10/19 17:28:11 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
    [2010/10/19 17:28:08 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
    [2010/10/19 17:28:04 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
    [2010/10/19 17:28:04 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
    [2010/10/19 17:27:58 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
    [2010/10/19 17:27:55 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
    [2010/10/19 17:27:55 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
    [2010/10/19 17:27:53 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
    [2010/10/19 17:27:49 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/10/19 17:27:47 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/10/19 17:27:43 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/10/19 17:27:28 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/10/19 17:27:26 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
    [2010/10/19 17:27:23 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
    [2010/10/19 17:27:18 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
    [2010/10/19 17:27:02 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
    [2010/10/19 17:26:59 | 010,624,512 | ---- | C] () -- C:\Windows\SysWow64\wmp.dll
    [2010/10/19 17:26:55 | 008,147,456 | ---- | C] () -- C:\Windows\SysWow64\wmploc.DLL
    [2010/10/19 17:26:54 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
    [2010/10/19 17:26:31 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
    [2010/10/19 17:26:28 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
    [2010/10/19 17:26:26 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
    [2010/10/19 17:26:26 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
    [2010/10/19 17:26:26 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
    [2010/10/19 17:26:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
    [2010/10/19 17:26:26 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
    [2010/10/19 17:26:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
    [2010/10/19 17:25:28 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
    [2010/10/19 17:25:28 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
    [2010/10/19 17:25:24 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2010/10/19 17:25:23 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
    [2010/10/19 17:25:23 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
    [2010/10/19 17:25:23 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2010/10/19 17:25:21 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
    [2010/10/19 17:25:21 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2010/10/19 17:25:21 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
    [2010/10/19 17:25:18 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/10/19 17:25:09 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
    [2010/10/19 17:25:06 | 005,692,928 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/10/19 17:25:04 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/10/19 17:25:03 | 003,587,584 | ---- | C] () -- C:\Windows\SysWow64\mshtml.dll
    [2010/10/19 17:25:02 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/10/19 17:25:02 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/10/19 17:25:01 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/10/19 17:24:59 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2010/10/19 17:24:59 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/10/19 17:24:59 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
    [2010/10/19 17:24:58 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/10/19 17:24:57 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/10/19 17:24:57 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
    [2010/10/19 17:24:57 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/10/19 17:24:56 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/10/19 17:24:56 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/10/19 17:24:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/10/19 17:24:55 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/10/19 17:24:55 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
    [2010/10/19 17:24:55 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/10/19 17:24:40 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2010/10/19 17:24:35 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
    [2010/10/19 17:24:32 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
    [2010/10/19 17:24:24 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
    [2010/10/19 17:24:24 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
    [2010/10/19 17:24:24 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
    [2010/10/19 17:24:23 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
    [2010/10/19 17:24:23 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
    [2010/10/19 17:24:23 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
    [2010/10/19 17:24:20 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
    [2010/10/19 17:23:53 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
    [2010/10/19 17:23:52 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
    [2010/10/19 17:23:52 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
    [2010/10/19 17:23:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
    [2010/10/19 17:23:51 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
    [2010/10/19 17:23:51 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
    [2010/10/19 17:23:51 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
    [2010/10/19 17:23:51 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
    [2010/10/19 17:23:15 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
    [2010/10/19 17:23:12 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
    [2010/10/19 17:23:11 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
    [2010/10/19 17:23:08 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
    [2010/10/19 17:23:05 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
    [2010/10/19 17:23:05 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
    [2010/10/19 17:23:03 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
    [2010/10/19 17:23:01 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/10/19 17:22:39 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
    [2010/10/19 17:22:37 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
    [2010/10/19 17:22:37 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
    [2010/10/19 17:22:37 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
    [2010/10/19 17:22:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
    [2010/10/19 17:22:34 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
    [2010/10/19 17:22:29 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/10/19 17:22:27 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
    [2010/10/19 17:22:24 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
    [2010/10/19 17:22:23 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
    [2010/10/19 17:22:22 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
    [2010/10/19 17:22:22 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
    [2010/10/19 17:22:22 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
    [2010/10/19 17:22:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
    [2010/10/19 17:22:22 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
    [2010/10/18 21:03:22 | 000,001,804 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/10/18 21:03:09 | 000,000,905 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
    [2010/10/18 20:44:49 | 000,001,027 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
    [2010/10/18 16:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/18 16:53:01 | 000,001,804 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/18 16:41:23 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
    [2010/10/18 16:41:22 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
    [2010/10/18 16:33:28 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
    [2010/10/18 16:33:28 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
    [2010/10/18 16:33:28 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
    [2010/10/18 16:33:27 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
    [2010/10/18 16:33:15 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
    [2010/10/18 16:33:15 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
    [2010/10/18 16:33:15 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
    [2010/10/18 16:33:04 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
    [2010/10/18 16:33:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
    [2010/10/17 19:41:30 | 000,428,078 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI356F.txt
    [2010/10/17 19:41:30 | 000,012,138 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI356F.txt
    [2010/10/17 18:56:44 | 003,851,784 | ---- | C] () -- C:\Windows\SysWow64\D3DX9_39.dll
    [2010/10/17 08:09:25 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
    [2010/10/17 08:09:25 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2010/10/17 06:37:23 | 000,000,970 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/10/17 06:25:44 | 000,607,232 | ---- | C] () -- C:\Users\Rich\Documents\Person Motion Test 1.avi
    [2010/10/17 06:25:43 | 002,394,112 | ---- | C] () -- C:\Users\Rich\Documents\Human Test 2.avi
    [2010/10/17 06:25:43 | 002,393,808 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 6.avi
    [2010/10/17 06:25:43 | 002,311,916 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 3.avi
    [2010/10/17 06:25:43 | 001,458,968 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 4.avi
    [2010/10/17 06:25:43 | 001,320,264 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 2.avi
    [2010/10/17 06:25:43 | 001,190,614 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 1.avi
    [2010/10/17 06:25:43 | 000,607,172 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 5.avi
    [2010/10/17 06:25:30 | 000,386,560 | ---- | C] () -- C:\Users\Rich\Documents\Motion 23.avi
    [2010/10/17 06:25:23 | 000,081,920 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/17 01:35:11 | 001,603,584 | ---- | C] () -- C:\Windows\SysNative\stlang64.dll
    [2010/10/17 01:35:11 | 000,119,296 | ---- | C] () -- C:\Windows\SysNative\stacsv64.exe
    [2010/10/17 01:35:10 | 005,593,088 | ---- | C] () -- C:\Windows\SysNative\IDTSG64.cpl
    [2010/10/17 01:34:40 | 000,620,544 | ---- | C] () -- C:\Windows\SysNative\stapo64.dll
    [2010/10/17 01:34:40 | 000,364,544 | ---- | C] () -- C:\Windows\SysNative\stapi64.dll
    [2010/10/17 01:34:40 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\stcplx64.dll
    [2010/10/17 01:34:06 | 000,293,376 | ---- | C] () -- C:\Windows\SysNative\BtwRSupport.dll
    [2010/10/17 01:34:05 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2010/10/17 01:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/10/16 23:49:46 | 000,002,001 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 23:46:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000UA.job
    [2010/10/16 23:46:45 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000Core.job
    [2010/10/16 23:24:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/10/16 22:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Gateway_M-6888u_N-A_N1C9641000346.MRK
    [2010/10/16 22:49:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2010/10/16 22:49:23 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll
    [2010/10/16 22:49:23 | 000,017,952 | ---- | C] () -- C:\Windows\SysNative\drivers\int15_64.sys
    [2010/10/16 22:47:15 | 005,631,520 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
    [2010/10/16 22:47:15 | 000,062,464 | ---- | C] () -- C:\Windows\SysNative\drivers\RTSTOR64.sys
    [2010/10/16 22:47:15 | 000,038,660 | ---- | C] () -- C:\Windows\System\sd.ico
    [2010/10/16 22:47:15 | 000,037,300 | ---- | C] () -- C:\Windows\System\cf.ico
    [2010/10/16 22:47:15 | 000,037,041 | ---- | C] () -- C:\Windows\System\sm.ico
    [2010/10/16 22:47:15 | 000,034,530 | ---- | C] () -- C:\Windows\System\ms.ico
    [2010/10/16 22:47:15 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
    [2010/10/16 22:43:14 | 000,000,258 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/10/16 22:43:14 | 000,000,240 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/10/16 22:03:35 | 000,000,808 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/10/16 21:58:49 | 000,121,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/10/16 21:58:49 | 000,020,048 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/10/16 21:58:48 | 000,051,280 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/10/16 21:58:48 | 000,028,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/10/16 21:58:47 | 000,061,008 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/10/16 21:58:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/10/16 21:58:25 | 000,426,230 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI5014.txt
    [2010/10/16 21:58:24 | 000,012,286 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI5014.txt
    [2009/03/04 13:33:35 | 001,695,744 | ---- | C] () -- C:\Windows\SysWow64\gameux.dll
    [2009/03/04 13:06:36 | 003,936,256 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dll
    [2008/01/20 21:50:15 | 000,127,488 | ---- | C] () -- C:\Windows\SysWow64\aclui.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/20 21:49:00 | 002,226,688 | ---- | C] () -- C:\Windows\SysWow64\networkexplorer.dll

    ========== LOP Check ==========

    [2010/10/19 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\DAEMON Tools Lite
    [2010/10/18 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\LolClient
    [2010/10/24 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\OpenOffice.org
    [2010/11/07 11:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\PeerNetworking
    [2010/11/08 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\uTorrent
    [2010/11/10 21:01:11 | 000,026,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2009/03/04 13:09:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/11/11 18:18:40 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/03/04 15:32:38 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2010/11/10 18:15:21 | 000,089,088 | ---- | M] () -- C:\mbr.exe
    [2010/11/10 18:17:31 | 000,000,227 | ---- | M] () -- C:\mbr.log
    [2005/09/23 02:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/11 18:18:38 | 311,955,455 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/16 22:51:01 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/21 17:06:57 | 000,000,344 | -HS- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/10 20:32:03 | 002,565,432 | ---- | M] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
    [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/16 22:45:40 | 000,000,402 | -HS- | M] () -- C:\Users\Rich\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Please, uninstall Wise Registry Cleaner.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O4 - HKLM..\Run: [eRecoveryService] File not found
      O33 - MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\Shell\AutoRun\command - "" = G:\wdsync.exe -- File not found
      O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
      O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
      O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell - "" = AutoRun
      O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
      [2010/10/16 23:44:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
      [2010/10/16 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Symantec
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    I've had an issue trying to install Java. The link doesn't allow me to auto-detect what version I have, so I downloaded the file manually. While installing, I keep getting this error, and it resets once I click OK:

    Warning - Java(TM) Update
    bin\net.dll: Old File not found. However, a file of the same name was found. No update done since file contents do not match.

    Also, for some reason I can't find Wise Registry Cleaner in my programs under Control Panel, and no Uninstall link is in start up, so I will have to do some searching for that.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Regarding Java....run JavaRa first.
    Then, try updating.

    Regarding Wise Registry Cleaner, it's probably just a folder left in Program Files. Remove it.
     
  21. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    I ran OTL and unfortunately I pasted the log into the quick reply on here without clicking send before running the other programs that needed a reboot. Would rerunning still give you the correct results, or is there a way to get the old results back? Also, unfortunately the Security Check program is having the same problem DDS did: it attempts to open Notepad but fails with an error saying it's not for 64-bit systems.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You can safely re-run OTL fix.

    Right click on SecurityCheck.exe and click "Run As Administrator".
     
  23. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    I tried running Security Check as Admin but it still shows the same message when it attempts to open up Notebook, so I'm unable to get that log. Here's the one for OTL. Will get the online virus log soon.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1eed668e-d9a2-11df-9104-000325249adc}\ not found.
    File G:\wdsync.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e12a464-e370-11df-a761-000325249adc}\ not found.
    File G:\slacker.synclauncher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e12a464-e370-11df-a761-000325249adc}\ not found.
    File G:\slacker.synclauncher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
    File E:\autorun.exe not found.
    Folder C:\Users\Public\Documents\Symantec\ not found.
    Folder C:\Users\Rich\AppData\Roaming\Symantec\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Rich
    ->Temp folder emptied: 494517 bytes
    ->Temporary Internet Files folder emptied: 184978 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 9364860 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 521 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Mcx1

    User: Public

    User: Rich
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11122010_105020

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTD92DDX\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHK8EHZ1\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNGWUF52\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA8AHTNZ\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  24. rjmontalvo

    rjmontalvo TS Rookie Topic Starter Posts: 19

    Doesn't look like ESET found any threats, as it did not allow me to export a log.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     