TechSpot

All started w/ think point virus

By Palamm
Dec 6, 2010
  1. Which I removed then installed Norton 360 after I thought I had cleaned it out ... Still get BSOD on most restarts ... When I do get in ... IE9 was routing to ask.com and other sites ... So I reverted to IE8 which is now super slow ... And Norton tells me it is blocking attacks every time I open it ... seems to be coming from device/harddiskvolume4/windows/system32/svchost.exe. Except I can't find that folder or path ... Norton finds nothing on scan and I also ran registry booster which did nothing ... Going to try and remove IE8 and go to Safari just so I can access this site and hopefully get this resolved .... Thanks in advance for any suggestions.
     
  2. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Malware Scan Results

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5258

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/6/2010 6:07:40 PM
    mbam-log-2010-12-06 (18-07-40).txt

    Scan type: Quick scan
    Objects scanned: 153448
    Time elapsed: 1 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Gmer log blank ...
     
  4. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    DDS freezes up system ... About 1/2 way through ... On try 6 now ... Even hangs in safe mode
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Thank you!! At least no BSOD now .... and IE seems better so far ... here is log


    2010/12/06 20:13:09.0716 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/06 20:13:09.0716 ================================================================================
    2010/12/06 20:13:09.0716 SystemInfo:
    2010/12/06 20:13:09.0716
    2010/12/06 20:13:09.0716 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/06 20:13:09.0716 Product type: Workstation
    2010/12/06 20:13:09.0716 ComputerName: MATTHEW-OFFICE
    2010/12/06 20:13:09.0716 UserName: Matthew
    2010/12/06 20:13:09.0716 Windows directory: C:\Windows
    2010/12/06 20:13:09.0716 System windows directory: C:\Windows
    2010/12/06 20:13:09.0716 Running under WOW64
    2010/12/06 20:13:09.0716 Processor architecture: Intel x64
    2010/12/06 20:13:09.0716 Number of processors: 8
    2010/12/06 20:13:09.0716 Page size: 0x1000
    2010/12/06 20:13:09.0716 Boot type: Normal boot
    2010/12/06 20:13:09.0716 ================================================================================
    2010/12/06 20:13:09.0716 Utility is running under WOW64
    2010/12/06 20:13:09.0841 Initialize success
    2010/12/06 20:13:15.0051 ================================================================================
    2010/12/06 20:13:15.0051 Scan started
    2010/12/06 20:13:15.0051 Mode: Manual;
    2010/12/06 20:13:15.0051 ================================================================================
    2010/12/06 20:13:22.0682 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/06 20:13:22.0697 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/06 20:13:22.0729 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/12/06 20:13:22.0744 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/06 20:13:22.0775 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/12/06 20:13:22.0791 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/06 20:13:22.0807 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2010/12/06 20:13:22.0838 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
    2010/12/06 20:13:22.0853 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2010/12/06 20:13:22.0869 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/06 20:13:22.0885 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/12/06 20:13:22.0900 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/06 20:13:22.0916 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/06 20:13:22.0947 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/06 20:13:22.0963 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/06 20:13:22.0978 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/06 20:13:22.0994 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/06 20:13:23.0009 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/12/06 20:13:23.0041 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/06 20:13:23.0056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2010/12/06 20:13:23.0072 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/12/06 20:13:23.0087 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2010/12/06 20:13:23.0103 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/12/06 20:13:23.0119 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/12/06 20:13:23.0134 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/12/06 20:13:23.0165 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/06 20:13:23.0181 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/12/06 20:13:23.0197 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/12/06 20:13:23.0228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2010/12/06 20:13:23.0243 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/06 20:13:23.0259 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/06 20:13:23.0275 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/06 20:13:23.0306 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/06 20:13:23.0321 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/06 20:13:23.0353 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/06 20:13:23.0368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/12/06 20:13:23.0415 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/12/06 20:13:23.0431 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/06 20:13:23.0462 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/06 20:13:23.0493 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/06 20:13:23.0509 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/06 20:13:23.0540 yukonw7 (b2818bfab7817f7e7ee886f58b15b35c) C:\Windows\system32\DRIVERS\yk62x64.sys
    2010/12/06 20:13:23.0618 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    2010/12/06 20:13:23.0633 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/06 20:13:23.0649 ================================================================================
    2010/12/06 20:13:23.0649 Scan finished
    2010/12/06 20:13:23.0649 ================================================================================
    2010/12/06 20:13:23.0665 Detected object count: 1
    2010/12/06 20:13:55.0877 \HardDisk0 - will be cured after reboot
    2010/12/06 20:13:55.0877 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/06 20:14:13.0583 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good, we just killed a rootkit.

    See if you can run DDS now.
     
  8. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    DDS (Ver_10-12-05.01) - NTFS_AMD64
    Run by Matthew at 20:37:38.13 on Mon 12/06/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.9777 [GMT -8:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\ASUS.SYS\CONFIG\DVMExportService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    C:\Users\Matthew\AppData\Local\Apps\2.0\050NO893.YKW\Q86MGDYV.887\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
    E:\Program Files (x86)\AirPort\APAgent.exe
    E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    E:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    E:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\taskhost.exe
    E:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    E:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    E:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Matthew\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/ig
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
    mRun: [NUSB3MON] "E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [TurboV] "E:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
    mRun: [AirPort Base Station Agent] "E:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [QFan Help] "E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
    mRun: [Cpu Level Up help] "E:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
    mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    mRun: [HP Software Update] E:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [Logitech G35] E:\Program Files (x86)\Logitech\G35\G35.exe
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
    StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    StartupFolder: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://codestreet.webex.com/client/T27LB/webex/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRun-x64: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    FF - plugin: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    FF - HiddenExtension: Java Console: No Registry Reference - E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys [2010-12-5 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys [2010-12-5 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys [2010-12-5 615040]
    R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-4-25 24560]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2010-12-6 476792]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys [2010-12-5 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys [2010-12-5 451120]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/25 16:22:49];E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-5 202752]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-4-25 90112]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-4-25 376304]
    R2 MDES;DVM Meta Data Export Service;C:\ASUS.SYS\CONFIG\DVMExportService.exe [2009-3-24 319488]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe [2010-12-5 126392]
    R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
    R2 STRWCUService;Splashtop Remote Software Updater Service;C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe [2010-8-18 897168]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-5 6659072]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-5 195584]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-6 132656]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-15 401696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service; [x]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-11-24 35840]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-4-25 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-25 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
    S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
    S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2010-4-27 46616]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-26 1255736]

    =============== Created Last 30 ================

    2010-12-07 01:14:10 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{D32B9A92-0FB1-44C6-8177-E6D5A5689BD9}\mpengine.dll
    2010-12-06 06:12:06 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys
    2010-12-06 06:12:06 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtsp64.sys
    2010-12-06 06:12:06 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys
    2010-12-06 06:12:06 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys
    2010-12-06 06:12:06 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtspx64.sys
    2010-12-06 06:12:06 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys
    2010-12-06 06:12:06 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys
    2010-12-06 06:12:03 -------- d-----w- C:\Windows\System32\drivers\N360x64\0402000.00C
    2010-12-06 03:24:20 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2010-12-06 03:23:17 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-12-06 03:23:17 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
    2010-12-06 03:23:17 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
    2010-12-06 03:23:16 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-12-06 03:23:16 -------- d-----w- C:\Program Files\Symantec
    2010-12-06 03:23:16 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-12-06 03:22:37 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2010-12-06 03:22:36 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
    2010-12-06 03:20:25 -------- d-----w- C:\PROGRA~3\Norton
    2010-12-06 03:19:52 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2010-12-06 03:19:52 -------- d-----w- C:\PROGRA~3\NortonInstaller
    2010-12-06 01:26:10 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-12-06 01:26:10 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-12-06 01:19:12 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
    2010-12-06 01:19:12 -------- d-----w- C:\Windows\RemotePackages
    2010-12-06 01:04:14 -------- d-----w- C:\$WINDOWS.~LS
    2010-12-05 23:40:29 -------- d-----w- C:\PROGRA~3\Uniblue
    2010-12-05 23:39:33 -------- dc-h--w- C:\PROGRA~3\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
    2010-12-05 23:39:32 -------- d-----w- C:\Windows\SysWow64\RegistryBooster
    2010-12-05 23:39:32 -------- d-----w- C:\Windows\System32\RegistryBooster
    2010-12-05 23:29:48 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Uniblue
    2010-12-05 23:29:45 -------- d-----w- C:\Program Files (x86)\Uniblue
    2010-12-05 23:18:31 -------- d-----w- C:\perflogs
    2010-11-26 23:40:58 -------- d-----w- C:\PROGRA~3\DeviceVM
    2010-11-26 23:35:51 -------- d-----w- C:\Program Files (x86)\DeviceVM
    2010-11-26 23:35:39 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
    2010-11-25 02:58:56 53248 ----a-r- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-11-25 02:05:24 33328 ----a-w- C:\Windows\System32\drivers\pnarp.sys
    2010-11-25 02:05:18 35376 ----a-w- C:\Windows\System32\drivers\purendis.sys
    2010-11-25 02:05:11 -------- d-----w- C:\Program Files (x86)\Common Files\Pure Networks Shared
    2010-11-25 02:04:55 -------- d-----w- C:\PROGRA~3\Pure Networks
    2010-11-25 01:06:15 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
    2010-11-25 01:03:35 -------- d-----w- C:\Netgear
    2010-11-24 00:53:08 -------- d-----w- C:\Program Files\iPod
    2010-11-24 00:53:07 -------- d-----w- C:\Program Files\iTunes
    2010-11-16 02:29:59 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll
    2010-11-09 23:20:34 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-11-09 23:19:55 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
    2010-11-09 23:19:54 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
    2010-11-09 23:19:37 -------- d-----w- C:\Program Files (x86)\Feedback Tool
    2010-11-07 19:41:27 -------- d-----w- C:\Program Files (x86)\DKP Profiler Uploader
    2010-11-07 19:41:20 73216 ----a-w- C:\Windows\ST6UNST.EXE
    2010-11-07 19:41:20 249856 ------w- C:\Windows\Setup1.exe

    ==================== Find3M ====================

    2010-11-30 01:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-25 03:42:41 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2010-11-25 03:42:41 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2010-11-25 03:42:41 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2010-11-25 03:42:41 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2010-11-25 02:58:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-29 19:34:50 377176 ----a-w- C:\Windows\System32\drivers\ladfSBVMamd64.sys
    2010-09-29 19:34:48 62168 ----a-w- C:\Windows\System32\drivers\ladfDHP2amd64.sys
    2010-09-29 19:34:26 78168 ----a-w- C:\Windows\System32\LADFCoinst_amd64.dll
    2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-09 22:39:14 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

    ============= FINISH: 20:38:00.36 ===============
     
  9. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/25/2010 6:12:07 AM
    System Uptime: 12/6/2010 8:15:16 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P6X58D PREMIUM
    Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 238 GiB total, 142.872 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 1863 GiB total, 1808.861 GiB free.
    F: is FIXED (NTFS) - 1863 GiB total, 1312.027 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 7400 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 7400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP296: 12/5/2010 6:46:53 PM - Windows Update
    RP297: 12/5/2010 7:15:11 PM - Post Nightmare I hope
    RP298: 12/5/2010 7:17:13 PM - Windows Backup
    RP299: 12/6/2010 3:00:10 AM - Windows Update
    RP300: 12/6/2010 5:14:02 PM - Windows Update
    RP301: 12/6/2010 5:17:11 PM - Windows Modules Installer

    ==== Installed Programs ======================

    3DMark Vantage
    3DMark06
    7300_Help
    7400
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.0
    AGEIA PhysX v7.09.13
    AI Suite
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AirPort
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    ASUSUpdate
    ATI Catalyst Registration
    Bloomberg Keyboard v10.5
    Bloomberg PFM Upload Tool for Microsoft Excel
    Bloomberg Professional Service
    Bloomberg SFD Data Dictionary
    BUFFALO NAS Navigator
    BufferChm
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Cisco Network Magic
    Copy
    Creative ALchemy
    Creative Audio Control Panel
    Creative Console Launcher
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative WaveStudio 7
    Curse Client
    CyberLink Blu-ray Disc Suite
    CyberLink InstantBurn
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink PowerProducer
    Destinations
    DeviceDiscovery
    DKP Profiler
    DocProc
    DraftDominator Version 11.0L
    Driver Genius Professional Edition
    EPU-6 Engine
    eReg
    EVE Online (remove only)
    Express Gate Tools
    Fax
    Feedback Tool
    Futuremark SystemInfo
    GPBaseService2
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) SE Development Kit 6 Update 20
    LastPass (uninstall only)
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    MarketResearch
    Marvell Miniport Driver
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.3)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    Network Magic
    Norton 360 Premier Edition
    OpenAL
    PC Probe II
    Picasa 3
    Pure Networks Platform
    QuickTime
    Rawr
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Red Light Center 3D Client
    Remote Control USB Driver
    RingCentral Voicemail Player
    Safari
    Scan
    Seagate*DiscWizard
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    SmartWebPrinting
    SolidWorks eDrawings 2010
    SolutionCenter
    Sonos Desktop Controller
    Splashtop Remote Software Updater
    Spybot - Search & Destroy
    Status
    Steam
    Teamwork
    The Lord of the Rings FREE Trial
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 wctiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnyiper
    TurboTax 2008 wrapper
    TurboV
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Uniblue SystemTweaker
    Uninstall of File Security Tool
    UnloadSupport
    WebEx
    WebReg
    World of Warcraft
    World of Warcraft Public Test
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/6/2010 8:15:35 PM, Error: Service Control Manager [7000] - The UFD Command Service service failed to start due to the following error: The system cannot find the path specified.
    12/6/2010 8:15:35 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the path specified.
    12/6/2010 8:10:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000469c5a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-31746-01.
    12/6/2010 6:58:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/6/2010 6:58:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/6/2010 6:58:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/6/2010 6:58:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800046d680c, 0xfffff88007367d80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-29702-01.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6 WfpLwf
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/6/2010 6:57:55 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:46:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800046d5cd8, 0xfffff8800d350ab0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-31605-01.
    12/6/2010 6:34:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003a9e2b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-34179-01.
    12/6/2010 6:30:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:30:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/6/2010 6:30:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 ccHP discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SYMTDIv Wanarpv6
    12/6/2010 6:25:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    12/6/2010 6:04:39 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.50. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
    12/6/2010 5:49:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003e7780c, 0xfffff8800ab6fd80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-26660-01.
    12/5/2010 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB976422).
    12/5/2010 7:12:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568).
    12/5/2010 6:48:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
    12/5/2010 6:48:13 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/5/2010 5:34:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
    12/5/2010 5:34:52 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/5/2010 4:44:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000296c5e0, 0xfffff880055b8f30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-23181-01.
    12/5/2010 4:44:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/5/2010 4:33:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    12/5/2010 4:31:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache MpFilter spldr Wanarpv6
    12/5/2010 4:20:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    12/5/2010 3:52:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000329180c, 0xfffff8800283ed80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-27050-01.
    12/5/2010 3:51:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    12/5/2010 3:16:34 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the file specified.
    12/5/2010 3:16:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800032f4436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-16192-01.
    12/5/2010 3:09:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/5/2010 3:09:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

    ==== End Of File ===========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Very good :)

    You're running two AV programs, Microsoft Security Essentials and Norton.
    One of them has to go.
    If Norton, make sure to use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    When done...

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  11. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 229):
    0x04813000 \SystemRoot\system32\ntoskrnl.exe
    0x04DEF000 \SystemRoot\system32\hal.dll
    0x00BCD000 \SystemRoot\system32\kdcom.dll
    0x00CD2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D16000 \SystemRoot\system32\PSHED.dll
    0x00D2A000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EC8000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F1F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F28000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F32000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F65000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F72000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F87000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FF8000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00D88000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00DA2000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DAB000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00DD5000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010A5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010F1000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SYMDS64.SYS
    0x0115F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01173000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SYMEFA64.SYS
    0x0120E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013B1000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0144B000 \SystemRoot\System32\Drivers\cng.sys
    0x014BE000 \SystemRoot\System32\drivers\pcw.sys
    0x014CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014D9000 \SystemRoot\system32\drivers\ndis.sys
    0x016BE000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0171E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x01749000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01600000 \SystemRoot\system32\DRIVERS\timntr.sys
    0x01793000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x017A3000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01AAC000 \SystemRoot\system32\DRIVERS\tdrpman.sys
    0x01B40000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B48000 \SystemRoot\system32\DRIVERS\snapman.sys
    0x01B83000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01BBD000 \SystemRoot\System32\Drivers\mup.sys
    0x01BCF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x015CB000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01BEB000 \SystemRoot\system32\DRIVERS\CLBStor.sys
    0x01BF5000 \SystemRoot\System32\Drivers\Null.SYS
    0x01AA3000 \SystemRoot\System32\Drivers\Beep.SYS
    0x017EF000 \SystemRoot\System32\drivers\vga.sys
    0x013CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0142D000 \SystemRoot\System32\drivers\watchdog.sys
    0x016B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x0143D000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x015F5000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x013F0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0105E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0106F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02E31000 \SystemRoot\System32\Drivers\N360x64\0402000.00C\SYMTDIV.SYS
    0x02EA7000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x02EDD000 \SystemRoot\system32\drivers\afd.sys
    0x02F67000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02FAC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02FB5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02FDB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02E1B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x011AE000 \SystemRoot\system32\drivers\N360x64\0402000.00C\Ironx64.SYS
    0x02FEA000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SRTSPX64.SYS
    0x04235000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04286000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04292000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0429D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSvia64.sys
    0x04318000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x0438E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x043B3000 \SystemRoot\System32\drivers\discache.sys
    0x044D4000 \SystemRoot\system32\drivers\csc.sys
    0x04557000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04400000 \SystemRoot\system32\drivers\N360x64\0402000.00C\ccHPx64.sys
    0x0449C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04640000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
    0x0472D000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
    0x04733000 \SystemRoot\SysWow64\drivers\AsIO.sys
    0x0475F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04775000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    0x047A5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x047A7000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04A6C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x05292000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05386000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x053CC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x053F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x05200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x05256000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x05116000 \SystemRoot\system32\DRIVERS\yk62x64.sys
    0x0548B000 \SystemRoot\system32\drivers\ctaud2k.sys
    0x05531000 \SystemRoot\system32\drivers\portcls.sys
    0x0556E000 \SystemRoot\system32\drivers\drmk.sys
    0x05590000 \SystemRoot\system32\drivers\ks.sys
    0x05400000 \SystemRoot\system32\drivers\ctoss2k.sys
    0x05431000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0x05439000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0543F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x0547D000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x055D3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x055E0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x055E9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05267000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x0526F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0517B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05285000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0519F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x051CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04A3B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x04A46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04A55000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x055F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x055FB000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x051E9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04739000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
    0x04575000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0681F000 \SystemRoot\system32\drivers\ha20x2k.sys
    0x069A0000 \SystemRoot\system32\drivers\emupia2k.sys
    0x04600000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x06A53000 \SystemRoot\system32\drivers\ctac32k.sys
    0x06B01000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x06B16000 \SystemRoot\System32\drivers\CTHWIUT.SYS
    0x06B31000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0x06E69000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0x06FC6000 \SystemRoot\system32\drivers\RtHDMIVX.sys
    0x07438000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x000F0000 \SystemRoot\System32\win32k.sys
    0x07672000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0767E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0768C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x07698000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x076A1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x076B4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x076D1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x076DF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x076F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x07701000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x07716000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x07723000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x07737000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x07745000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00530000 \SystemRoot\System32\TSDDD.dll
    0x00720000 \SystemRoot\System32\cdd.dll
    0x07753000 \SystemRoot\System32\Drivers\usbaapl64.sys
    0x07764000 \SystemRoot\system32\drivers\luafv.sys
    0x07787000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0x0779E000 \SystemRoot\system32\drivers\WudfPf.sys
    0x06B66000 \SystemRoot\System32\Drivers\CLBUDF.SYS
    0x077BF000 \SystemRoot\System32\Drivers\LGPBTDD.sys
    0x077CA000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x06E00000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x07400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x077E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x06E54000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x06BD0000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x06BDC000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03ABE000 \SystemRoot\system32\drivers\HTTP.sys
    0x03B86000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x03BA4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03BBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03A71000 \SystemRoot\system32\DRIVERS\WinUsb.sys
    0x070DC000 \SystemRoot\system32\drivers\peauth.sys
    0x07182000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0718D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x071BA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x071CC000 \??\E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    0x07000000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x09AC9000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09B5F000 \SystemRoot\System32\Drivers\N360x64\0402000.00C\SRTSP64.SYS
    0x0B417000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\EX64.SYS
    0x0B5D5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\ENG64.SYS
    0x0B5F5000 \SystemRoot\system32\drivers\LGVirHid.sys
    0x09A00000 \SystemRoot\system32\drivers\mrxdav.sys
    0x09A28000 \SystemRoot\system32\drivers\spsys.sys
    0x771F0000 \Windows\System32\ntdll.dll
    0x48380000 \Windows\System32\smss.exe
    0xFF510000 \Windows\System32\apisetschema.dll
    0xFF120000 \Windows\System32\autochk.exe
    0x770F0000 \Windows\System32\user32.dll
    0xFF380000 \Windows\System32\urlmon.dll
    0xFF370000 \Windows\System32\lpk.dll
    0xFF2D0000 \Windows\System32\msvcrt.dll
    0xFF230000 \Windows\System32\clbcatq.dll
    0xFF200000 \Windows\System32\imm32.dll
    0xFF0D0000 \Windows\System32\wininet.dll
    0xFF080000 \Windows\System32\Wldap32.dll
    0xFEEA0000 \Windows\System32\setupapi.dll
    0xFEDC0000 \Windows\System32\oleaut32.dll
    0xFED40000 \Windows\System32\shlwapi.dll
    0x773C0000 \Windows\System32\psapi.dll
    0xFEAE0000 \Windows\System32\iertutil.dll
    0x76FD0000 \Windows\System32\kernel32.dll
    0xFEAC0000 \Windows\System32\sechost.dll
    0xFE9B0000 \Windows\System32\msctf.dll
    0xFE910000 \Windows\System32\comdlg32.dll
    0xFE890000 \Windows\System32\difxapi.dll
    0xFE820000 \Windows\System32\gdi32.dll
    0xFE750000 \Windows\System32\usp10.dll
    0xFE740000 \Windows\System32\nsi.dll
    0xFE660000 \Windows\System32\advapi32.dll
    0x773B0000 \Windows\System32\normaliz.dll
    0xFE530000 \Windows\System32\rpcrt4.dll
    0xFE320000 \Windows\System32\ole32.dll
    0xFE2D0000 \Windows\System32\ws2_32.dll
    0xFE2B0000 \Windows\System32\imagehlp.dll
    0xFD520000 \Windows\System32\shell32.dll
    0xFD500000 \Windows\System32\devobj.dll
    0xFD490000 \Windows\System32\KernelBase.dll
    0xFD3F0000 \Windows\System32\comctl32.dll
    0xFD3B0000 \Windows\System32\wintrust.dll
    0xFD240000 \Windows\System32\crypt32.dll
    0xFD200000 \Windows\System32\cfgmgr32.dll
    0xFD1F0000 \Windows\System32\msasn1.dll
    0x76810000 \Windows\SysWOW64\normaliz.dll

    Processes (total 114):
    0 System Idle Process
    4 System
    508 C:\Windows\System32\smss.exe
    656 csrss.exe
    740 C:\Windows\System32\wininit.exe
    764 csrss.exe
    796 C:\Windows\System32\services.exe
    816 C:\Windows\System32\lsass.exe
    824 C:\Windows\System32\lsm.exe
    924 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\winlogon.exe
    472 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\atiesrxx.exe
    1092 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1332 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1392 C:\Windows\System32\svchost.exe
    1572 WUDFHost.exe
    1604 C:\Windows\System32\atieclxx.exe
    1640 WUDFHost.exe
    1700 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\spoolsv.exe
    1852 C:\Windows\System32\svchost.exe
    1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1992 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    2024 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1476 C:\Windows\System32\svchost.exe
    1688 C:\Windows\SysWOW64\svchost.exe
    2052 C:\ASUS.SYS\CONFIG\DVMExportService.exe
    2124 WUDFHost.exe
    2188 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
    2248 C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    2284 C:\Windows\System32\svchost.exe
    2340 C:\Windows\System32\svchost.exe
    2400 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    2432 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    2576 C:\Windows\System32\svchost.exe
    2596 C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
    2640 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2708 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3200 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3764 C:\Windows\System32\svchost.exe
    3788 C:\Windows\System32\SearchIndexer.exe
    3948 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\taskhost.exe
    3212 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
    1684 C:\Windows\System32\taskeng.exe
    4196 E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    4272 C:\Windows\System32\dwm.exe
    4316 C:\Windows\explorer.exe
    4624 C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    4672 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    4684 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    4768 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    4776 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    4868 C:\Program Files\Logitech\SetPointP\SetPoint.exe
    4924 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    4956 C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    5008 C:\Users\Matthew\AppData\Local\Apps\2.0\050NO893.YKW\Q86MGDYV.887\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    5016 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    5072 C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    5104 C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    4564 E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    5220 C:\Program Files\Logitech\SetPointG\SetPointII.exe
    5228 E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
    5372 E:\Program Files (x86)\AirPort\APAgent.exe
    5496 E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
    5784 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    5800 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    5840 E:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    5884 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    5992 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    6076 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    6108 E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    1080 E:\Program Files (x86)\Logitech\G35\G35.exe
    5272 C:\Windows\SysWOW64\Ctxfihlp.exe
    5396 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    468 C:\Windows\SysWOW64\CTxfispi.exe
    5952 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    952 C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
    5168 C:\Program Files\Windows Media Player\wmpnetwk.exe
    6340 C:\Windows\System32\svchost.exe
    6752 C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
    6564 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    6940 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    6884 taskhost.exe
    6224 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    1496 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    1980 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    6172 E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    7336 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    7412 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    7604 C:\Windows\System32\sppsvc.exe
    7024 C:\Windows\System32\svchost.exe
    5792 WUDFHost.exe
    6648 C:\Program Files\iPod\bin\iPodService.exe
    10100 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    6012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    8020 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    9448 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    10684 C:\Windows\servicing\TrustedInstaller.exe
    2236 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    10492 C:\Windows\System32\audiodg.exe
    8360 C:\Windows\System32\msiexec.exe
    10556 C:\Windows\System32\svchost.exe
    2088 C:\Windows\System32\SearchProtocolHost.exe
    10436 C:\Windows\System32\SearchFilterHost.exe
    11168 C:\Windows\SysWOW64\dllhost.exe
    9152 dllhost.exe
    9260 dllhost.exe
    4332 C:\Users\Matthew\Desktop\MBRCheck.exe
    11000 C:\Windows\System32\conhost.exe
    4068 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

    PhysicalDrive2 Model Number: CORSAIRCMFSSD-256GBG2D
    PhysicalDrive0 Model Number: ST32000641AS, Rev: CC13
    PhysicalDrive1 Model Number: ST32000641AS, Rev: CC13

    Size Device Name MBR Status
    --------------------------------------------
    238 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    1863 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    1863 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    OTL Extras logfile created on: 12/6/2010 9:24:04 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 78.00% Memory free
    30.00 Gb Paging File | 27.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 142.82 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1808.86 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1312.03 Gb Free Space | 70.43% Space Free | Partition Type: NTFS

    Computer Name: MATTHEW-OFFICE | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
    "{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{CDDE7049-3EC8-933E-69C9-C65B3AAD8E24}" = ATI Problem Report Wizard
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
    "{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
    "{EB78DD44-9AEE-7160-4AC3-053636D393C6}" = ATI AVIVO64 Codecs
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
    "{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "Shop for HP Supplies" = Shop for HP Supplies
    "SP6" = Logitech SetPoint 6.15

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
    "{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{098BC897-4F0D-4D27-B7D2-9723D432CB41}" = RingCentral Voicemail Player
    "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
    "{2D6E56F0-A066-467F-A115-3EE3D7DFBE0A}" = Teamwork
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30BEFEDE-0B7A-4659-ADD8-C82F00B64288}" = 7400
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
    "{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
    "{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74487955-B85B-4040-A3B6-9EAC0A8AD198}" = AirPort
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
    "{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
    "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C22E4E-4543-4906-9058-691F06DE45DE}" = Splashtop Remote Software Updater
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C8B31B99-1D1A-4B8E-AFC6-AECB2EE08FC6}" = SolidWorks eDrawings 2010
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E7951681-CCC7-24AA-7BFE-9647F477DCFF}" = HydraVision
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ALchemy" = Creative ALchemy
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "AudioCS" = Creative Audio Control Panel
    "Bloomberg Keyboard v10.5" = Bloomberg Keyboard v10.5
    "Bloomberg PFM Upload Tool for Microsoft Excel" = Bloomberg PFM Upload Tool for Microsoft Excel
    "Bloomberg Professional Service" = Bloomberg Professional Service
    "Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Console Launcher" = Creative Console Launcher
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "DraftDominator_is1" = DraftDominator Version 11.0L
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "EVE" = EVE Online (remove only)
    "FileHippo.com" = FileHippo.com Update Checker
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "N360" = Norton 360 Premier Edition
    "Network MagicUninstall" = Network Magic
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "Red Light Center 3D Client" = Red Light Center 3D Client
    "ST6UNST #1" = DKP Profiler
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "TurboTax 2008" = TurboTax 2008
    "UN060501" = BUFFALO NAS Navigator
    "UN070209" = Uninstall of File Security Tool
    "Uniblue RegistryBooster" = Uniblue RegistryBooster
    "WaveStudio 7" = Creative WaveStudio 7
    "World of Warcraft" = World of Warcraft
    "World of Warcraft Public Test" = World of Warcraft Public Test
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "834936787.elitistjerks.com" = Rawr
    "LastPass" = LastPass (uninstall only)
    "Teamwork" = Teamwork

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/6/2010 9:18:44 PM | Computer Name = Matthew-Office | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16671 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8ed0 Start
    Time: 01cb95ac99efcf8f Termination Time: 7 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: ecdbdf9e-019f-11e0-8120-485b392852d0

    Error - 12/6/2010 9:19:23 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
    process id: 0x9058 Faulting application start time: 0x01cb95acc64b70d5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    LPBar.dll Report Id: 05b3f2ae-01a0-11e0-8120-485b392852d0

    Error - 12/6/2010 9:19:57 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
    process id: 0x3010 Faulting application start time: 0x01cb95acdab67c3e Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    LPBar.dll Report Id: 1a03ad81-01a0-11e0-8120-485b392852d0

    Error - 12/6/2010 9:20:12 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
    process id: 0x95f0 Faulting application start time: 0x01cb95ace2c8cbcf Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    LPBar.dll Report Id: 22d04f1c-01a0-11e0-8120-485b392852d0

    Error - 12/6/2010 9:20:31 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
    process id: 0x940c Faulting application start time: 0x01cb95acee65fd18 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    LPBar.dll Report Id: 2e660639-01a0-11e0-8120-485b392852d0

    Error - 12/6/2010 9:21:14 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
    time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
    process id: 0x1690 Faulting application start time: 0x01cb95ad07fd4445 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    LPBar.dll Report Id: 4825485c-01a0-11e0-8120-485b392852d0

    Error - 12/6/2010 9:29:48 PM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
    Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 12/6/2010 10:16:39 PM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
    Description = 592: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 12/7/2010 12:14:13 AM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
    Description = 600: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 12/7/2010 12:14:23 AM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
    Description = 540: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ System Events ]
    Error - 12/6/2010 10:58:16 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 12/6/2010 11:05:39 PM | Computer Name = Matthew-Office | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:00:48 PM on 12/6/2010 was unexpected.

    Error - 12/6/2010 11:05:43 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The UFD Command Service service failed to start due to the following
    error: %%3

    Error - 12/6/2010 11:05:44 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The SBSD Security Center Service service failed to start due to the
    following error: %%3

    Error - 12/7/2010 12:10:27 AM | Computer Name = Matthew-Office | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:44:29 PM on 12/6/2010 was unexpected.

    Error - 12/7/2010 12:10:41 AM | Computer Name = Matthew-Office | Source = BugCheck | ID = 1001
    Description =

    Error - 12/7/2010 12:10:42 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The UFD Command Service service failed to start due to the following
    error: %%3

    Error - 12/7/2010 12:10:42 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The SBSD Security Center Service service failed to start due to the
    following error: %%3

    Error - 12/7/2010 12:15:35 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The UFD Command Service service failed to start due to the following
    error: %%3

    Error - 12/7/2010 12:15:35 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
    Description = The SBSD Security Center Service service failed to start due to the
    following error: %%3


    < End of report >
     
  14. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 12/6/2010 9:24:04 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 78.00% Memory free
    30.00 Gb Paging File | 27.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 142.82 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1808.86 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1312.03 Gb Free Space | 70.43% Space Free | Partition Type: NTFS

    Computer Name: MATTHEW-OFFICE | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    PRC - [2010/11/13 11:13:08 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
    PRC - [2010/11/12 16:34:52 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
    PRC - [2010/11/10 19:18:32 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- E:\Program Files (x86)\Logitech\G35\G35.exe
    PRC - [2010/08/31 20:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/08/18 10:11:16 | 000,897,168 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
    PRC - [2010/07/20 04:02:36 | 000,802,960 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
    PRC - [2010/02/12 10:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    PRC - [2010/01/13 19:55:10 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
    PRC - [2009/11/11 14:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\AirPort\APAgent.exe
    PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    PRC - [2009/10/02 18:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    PRC - [2009/10/02 16:26:44 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
    PRC - [2009/09/25 21:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/08/19 03:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/03/24 11:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
    PRC - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/02/24 02:05:30 | 001,557,912 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/07/11 05:22:56 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    PRC - [2008/05/27 05:36:20 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/06 01:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/04/06 18:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/15 18:31:13 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/18 10:11:16 | 000,897,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe -- (STRWCUService)
    SRV - [2010/07/23 15:35:54 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/04/25 15:03:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/04/25 14:53:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
    SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/08/19 03:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/24 11:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)
    SRV - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/07/11 05:22:56 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
    SRV - [2006/02/15 13:37:12 | 000,069,632 | ---- | M] (Generic) [Auto | Stopped] -- C:\Windows\SysWow64\ufdsvc.exe -- (UFDSVC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/05 19:23:16 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/09/29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
    DRV:64bit: - [2010/09/29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/05/05 20:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
    DRV:64bit: - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/04/25 14:29:09 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2010/04/25 14:29:09 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2010/04/25 14:29:09 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2010/04/25 14:29:09 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2010/04/21 19:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/04/06 18:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/04/06 18:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/04/06 17:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/18 01:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 01:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/02/25 16:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/02/15 02:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/01/27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/10/14 19:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
    DRV:64bit: - [2009/10/07 13:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
    DRV:64bit: - [2009/09/30 06:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/25 21:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2009/09/25 21:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/08/24 20:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/01/24 15:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
    DRV - [2010/12/05 19:42:21 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\EX64.SYS -- (NAVEX15)
    DRV - [2010/12/05 19:42:21 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/12/05 19:42:21 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\ENG64.SYS -- (NAVENG)
    DRV - [2010/12/05 19:42:20 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/11/23 03:34:08 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2010/11/22 23:47:46 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2009/08/28 17:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/25 16:22:49] [Kernel | Auto | Running] -- E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E0 6C 33 F9 6E CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/24 03:02:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/10 20:21:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/12/05 21:11:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/12/05 19:23:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2010/09/26 07:47:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/26 07:47:35 | 000,000,000 | ---D | M]

    [2010/06/21 05:40:24 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
    [2010/06/21 05:41:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions
    [2010/06/21 05:41:26 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions\support@lastpass.com

    O1 HOSTS File: ([2010/08/24 20:40:49 | 000,416,976 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 14389 more lines...
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [AirPort Base Station Agent] E:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Cpu Level Up help] E:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [Logitech G35] E:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
    O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [nmapp] E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NUSB3MON] E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [QFan Help] E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TurboV] E:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
    O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
    O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
    O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://codestreet.webex.com/client/T27LB/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/06 21:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
    [2010/12/05 22:12:06 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
    [2010/12/05 22:12:06 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
    [2010/12/05 22:12:06 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
    [2010/12/05 22:12:06 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
    [2010/12/05 22:12:06 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
    [2010/12/05 22:12:06 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
    [2010/12/05 22:12:06 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
    [2010/12/05 22:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
    [2010/12/05 19:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2010/12/05 19:23:16 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/12/05 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/12/05 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/12/05 19:22:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
    [2010/12/05 19:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
    [2010/12/05 19:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/12/05 19:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/12/05 19:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2010/12/05 18:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/12/05 17:34:39 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2010/12/05 17:34:33 | 000,455,168 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/12/05 17:34:33 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/12/05 17:34:33 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/12/05 17:34:31 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/12/05 17:19:12 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
    [2010/12/05 17:19:12 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
    [2010/12/05 17:04:14 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
    [2010/12/05 15:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2010/12/05 15:39:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
    [2010/12/05 15:39:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RegistryBooster
    [2010/12/05 15:39:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RegistryBooster
    [2010/12/05 15:29:48 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Uniblue
    [2010/12/05 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/12/05 15:18:31 | 000,000,000 | ---D | C] -- C:\perflogs
    [2010/11/26 15:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
    [2010/11/26 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
    [2010/11/26 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
    [2010/11/24 18:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pure Networks Shared
    [2010/11/24 18:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
    [2010/11/24 17:06:15 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
    [2010/11/24 17:03:35 | 000,000,000 | ---D | C] -- C:\Netgear
    [2010/11/23 16:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/23 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/09 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
    [2010/11/07 11:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DKP Profiler Uploader
    [2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
    END PART 1 TOO LONG
     
  15. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    PART 2

    ========== Files - Modified Within 30 Days ==========

    [2010/12/06 21:24:34 | 001,210,332 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
    [2010/12/06 20:56:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2010/12/06 20:22:27 | 000,746,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/06 20:22:27 | 000,639,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/06 20:22:27 | 000,111,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/06 20:15:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2010/12/06 20:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/06 20:15:28 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/06 20:14:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
    [2010/12/06 20:14:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
    [2010/12/06 20:14:33 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
    [2010/12/06 20:14:28 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/06 20:14:28 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/06 20:14:27 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
    [2010/12/06 20:10:23 | 778,072,592 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/06 18:05:29 | 000,000,800 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/12/06 17:31:22 | 000,002,564 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2010/12/05 19:23:16 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/12/05 19:23:16 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/12/05 19:23:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/12/05 17:16:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/12/05 17:16:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/12/05 16:48:18 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
    [2010/12/05 15:39:14 | 000,001,087 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/24 19:47:27 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2010/11/24 19:47:27 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
    [2010/11/24 19:42:41 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2010/11/24 19:42:41 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2010/11/24 19:42:41 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2010/11/24 18:53:58 | 000,426,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/24 18:07:14 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2010/11/23 16:53:17 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/23 16:51:33 | 000,002,515 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/11/23 16:51:33 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/11/23 16:50:46 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
    [2010/11/09 15:31:59 | 000,001,441 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/06 17:31:08 | 001,210,332 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
    [2010/12/05 22:12:06 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
    [2010/12/05 22:12:06 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
    [2010/12/05 22:12:06 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
    [2010/12/05 22:12:06 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
    [2010/12/05 22:12:06 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
    [2010/12/05 22:12:06 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
    [2010/12/05 22:12:06 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
    [2010/12/05 22:12:06 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
    [2010/12/05 22:12:06 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
    [2010/12/05 22:12:06 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
    [2010/12/05 22:12:06 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
    [2010/12/05 22:12:06 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
    [2010/12/05 22:12:06 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
    [2010/12/05 22:12:06 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
    [2010/12/05 22:12:06 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
    [2010/12/05 22:12:06 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
    [2010/12/05 22:12:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
    [2010/12/05 19:23:16 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/12/05 19:23:16 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/12/05 19:23:13 | 000,002,564 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2010/12/05 17:34:39 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
    [2010/12/05 17:34:39 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
    [2010/12/05 17:34:39 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml
    [2010/12/05 17:34:38 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/12/05 17:34:37 | 000,515,424 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/12/05 17:34:36 | 000,002,023 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2010/12/05 17:34:33 | 000,515,424 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/12/05 17:34:33 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/12/05 17:34:32 | 000,202,234 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
    [2010/12/05 17:18:46 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
    [2010/12/05 16:48:18 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
    [2010/12/05 16:40:33 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/12/05 16:40:33 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/12/05 15:39:14 | 000,001,087 | ---- | C] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/12/05 15:29:50 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
    [2010/12/05 15:16:26 | 778,072,592 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/12/05 15:09:07 | 1066,749,950 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/24 19:47:27 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
    [2010/11/24 19:47:27 | 000,001,072 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2010/11/24 19:47:27 | 000,001,072 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
    [2010/11/24 19:47:27 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
    [2010/11/24 18:07:14 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2010/11/23 16:53:17 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/22 18:00:37 | 000,005,632 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/23 15:35:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
    [2010/05/05 19:56:20 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
    [2010/04/25 16:07:22 | 000,010,628 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/04/25 15:34:36 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/25 15:13:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/04/25 14:53:34 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/04/25 14:53:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/04/25 14:41:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/04/25 14:41:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/04/25 14:41:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2010/04/25 14:41:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2010/04/25 14:36:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/04/25 14:36:47 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2010/02/10 14:17:14 | 000,007,602 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
    [2009/12/07 19:56:59 | 000,000,092 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\fusioncache.dat
    [2009/11/26 21:14:02 | 000,108,840 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1 (1).DAT
    [2009/11/26 16:51:01 | 003,516,753 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\IconCache (1).db
    [2009/09/29 17:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
    [2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2008/09/02 10:35:28 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI
    [2008/07/28 08:06:48 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI
    [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/04/26 10:20:57 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Amazon
    [2010/07/23 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\DassaultSystemes
    [2010/07/23 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\EDrawings
    [2010/04/25 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Leadertech
    [2010/05/08 10:55:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\NASNaviator2
    [2010/04/25 15:35:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\NVD
    [2010/06/21 05:59:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SoftGrid Client
    [2010/06/28 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Teamwork
    [2010/04/25 15:35:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TP
    [2010/12/05 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Uniblue
    [2010/07/11 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Utherverse
    [2010/06/01 11:04:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\webex
    [2010/12/06 20:15:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    [2010/10/07 14:52:10 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/05 16:48:18 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
    [2010/12/06 20:14:27 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
    [2010/12/06 20:56:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2010/12/06 20:15:28 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/16 08:09:13 | 000,000,000 | ---- | M] () -- C:\ieout.txt
    [2010/04/26 06:49:55 | 000,297,551 | ---- | M] () -- C:\lastpass_prof.txt
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/12/06 17:02:29 | 000,192,322 | ---- | M] () -- C:\OTL.Txt
    [2010/12/06 20:15:29 | 2145,386,495 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/06 20:14:13 | 000,073,622 | ---- | M] () -- C:\TDSSKiller.2.4.10.1_06.12.2010_20.13.09_log.txt
    [2010/04/25 14:26:10 | 000,029,512 | ---- | M] () -- C:\WindowsSerifastd-black.otf
    [2010/04/25 14:26:10 | 000,027,772 | ---- | M] () -- C:\WindowsSerifastd-bold.otf
    [2010/04/25 14:26:10 | 000,028,252 | ---- | M] () -- C:\WindowsSerifastd-italic.otf
    [2010/04/25 14:26:11 | 000,027,440 | ---- | M] () -- C:\WindowsSerifastd-light.otf
    [2010/04/25 14:26:11 | 000,028,260 | ---- | M] () -- C:\WindowsSerifastd-lightitalic.otf
    [2010/04/25 14:26:11 | 000,027,452 | ---- | M] () -- C:\WindowsSerifastd-roman.otf

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/09 15:31:59 | 000,000,221 | -HS- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/02/09 18:49:39 | 000,460,112 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\Matthew\Desktop\GPU-Z.0.3.8.exe
    [2010/12/06 21:10:31 | 000,080,384 | ---- | M] () -- C:\Users\Matthew\Desktop\MBRCheck.exe
    [2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 14:34:20 | 000,000,402 | -HS- | M] () -- C:\Users\Matthew\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/05 17:35:41 | 000,010,628 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  16. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Running Fine now as is IE8 .... Thanks Again for all this Help! I really Appreciate it ... Just tried to post the OTL.txt 's in 2 parts cause too long ... but don't see em yet ... maybe you do? ...

    Thanks - Matt
     
  17. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Attached, as it is too long ... or should I cut it up and re-paste?

    Sorry
     

    Attached Files:

    • OTL.Txt (128.1 KB)
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OTL log posted. It just had to be approved.
    I'll take a look at it....
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I strongly suggest you uninstall Uniblue SpeedUpMyPC and Uniblue RegistryBooster.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
      O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Matthew
    ->Temp folder emptied: 0 bytes
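
One way to cross-check a fix log like the one above against the fix script that produced it, as an added example (not part of the thread and not OTL's own code). It assumes only the two result phrasings visible in this log, "deleted successfully." and "not found."; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The :OTL section of the fix script and the first part of the resulting log,
# both copied from the posts above.
FIX_SCRIPT = r"""
O4 - HKLM..\Run: [] File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# "<Registry key|Registry value> <target> <status>." or "<file path> <status>."
RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value)\s+)?(?P<target>.+?)\s+"
    r"(?P<status>deleted successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return (kind, target, status) for every result line; other lines are skipped."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            # Lines without a "Registry ..." prefix are file results in this log.
            results.append((m.group("kind") or "File", m.group("target"), m.group("status")))
    return results


def summarize(log):
    """Count result lines by (kind, status)."""
    return Counter((kind, status) for kind, _target, status in parse_fix_log(log))


def guid_outcomes(script, log):
    """For each GUID named in the fix script, report what the log says happened.

    "removed"        - at least one entry containing the GUID was deleted
    "not found"      - the GUID appears only in "not found" lines
    "no result line" - the log never mentions the GUID; the fix may not have run
    """
    seen = defaultdict(set)
    for _kind, target, status in parse_fix_log(log):
        for guid in GUID_RE.findall(target):
            seen[guid.upper()].add(status)

    outcome = {}
    for guid in {g.upper() for g in GUID_RE.findall(script)}:
        statuses = seen.get(guid, set())
        if "deleted successfully" in statuses:
            outcome[guid] = "removed"
        elif statuses:
            outcome[guid] = "not found"
        else:
            outcome[guid] = "no result line"
    return outcome


if __name__ == "__main__":
    for (kind, status), count in sorted(summarize(FIX_LOG).items()):
        print(f"{kind:15} {status:22} {count}")
    for guid, result in sorted(guid_outcomes(FIX_SCRIPT, FIX_LOG).items()):
        print(guid, result)
```

A "not found" line alongside a "deleted successfully" line for the same GUID is normal here: the fix probes several registry locations for each entry, and only some of them exist.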
     
  21. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Java(TM) SE Development Kit 6 Update 20
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.3) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Unless you're a Java developer, uninstall Java(TM) SE Development Kit 6 Update 20.
     
  23. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
    C:\Users\Matthew\Downloads\registrybooster.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Windows\System32\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Windows\SysWOW64\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    F:\MATTHEW-OFFICE\Backup Set 2010-12-05 191710\Backup Files 2010-12-05 191710\Backup files 24.zip Win32/RegistryBooster application
    Operating memory Win32/SpeedUpMyPC application
     
  24. Palamm

    Palamm TS Rookie Topic Starter Posts: 23

    Just uninstalled the unisoft speed program and reg booster; will run scan again now.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Also, update Firefox to the latest 3.6.12 version.
     
Topic Status:
Not open for further replies.
