Solved All started w/ think point virus


Palamm

Which I removed, then installed Norton 360 after I thought I had cleaned it out ... Still get BSOD on most restarts ... When I do get in ... IE9 was routing to ask.com and other sites ... So I reverted to IE8, which is now super slow ... And Norton tells me it is blocking attacks every time I open it ... seems to be coming from device/harddiskvolume4/windows/system32/svchost.exe. Except I can't find that folder or path ... Norton finds nothing on scan and I also ran Registry Booster, which did nothing ... Going to try and remove IE8 and go to Safari just so I can access this site and hopefully get this resolved .... Thanks in advance for any suggestions.
 
Malware Scan Results

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5258

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/6/2010 6:07:40 PM
mbam-log-2010-12-06 (18-07-40).txt

Scan type: Quick scan
Objects scanned: 153448
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS freezes up system ... About 1/2 way through ... On try 6 now ... Even hangs in safe mode
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thank you!! At least no BSOD now .... and IE seems better so far ... here is the log


2010/12/06 20:13:09.0716 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 20:13:09.0716 ================================================================================
2010/12/06 20:13:09.0716 SystemInfo:
2010/12/06 20:13:09.0716
2010/12/06 20:13:09.0716 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/06 20:13:09.0716 Product type: Workstation
2010/12/06 20:13:09.0716 ComputerName: MATTHEW-OFFICE
2010/12/06 20:13:09.0716 UserName: Matthew
2010/12/06 20:13:09.0716 Windows directory: C:\Windows
2010/12/06 20:13:09.0716 System windows directory: C:\Windows
2010/12/06 20:13:09.0716 Running under WOW64
2010/12/06 20:13:09.0716 Processor architecture: Intel x64
2010/12/06 20:13:09.0716 Number of processors: 8
2010/12/06 20:13:09.0716 Page size: 0x1000
2010/12/06 20:13:09.0716 Boot type: Normal boot
2010/12/06 20:13:09.0716 ================================================================================
2010/12/06 20:13:09.0716 Utility is running under WOW64
2010/12/06 20:13:09.0841 Initialize success
2010/12/06 20:13:15.0051 ================================================================================
2010/12/06 20:13:15.0051 Scan started
2010/12/06 20:13:15.0051 Mode: Manual;
2010/12/06 20:13:15.0051 ================================================================================
2010/12/06 20:13:22.0963 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/06 20:13:22.0978 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/06 20:13:22.0994 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/06 20:13:23.0009 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/06 20:13:23.0041 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/06 20:13:23.0056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/12/06 20:13:23.0072 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/06 20:13:23.0087 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/06 20:13:23.0103 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/06 20:13:23.0119 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/06 20:13:23.0134 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/06 20:13:23.0165 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/12/06 20:13:23.0181 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/06 20:13:23.0197 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/06 20:13:23.0228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/12/06 20:13:23.0243 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/06 20:13:23.0259 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 20:13:23.0275 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 20:13:23.0306 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/12/06 20:13:23.0321 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/06 20:13:23.0353 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/06 20:13:23.0368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/12/06 20:13:23.0415 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/06 20:13:23.0431 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/06 20:13:23.0462 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/06 20:13:23.0493 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/12/06 20:13:23.0509 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/06 20:13:23.0540 yukonw7 (b2818bfab7817f7e7ee886f58b15b35c) C:\Windows\system32\DRIVERS\yk62x64.sys
2010/12/06 20:13:23.0618 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
2010/12/06 20:13:23.0633 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/06 20:13:23.0649 ================================================================================
2010/12/06 20:13:23.0649 Scan finished
2010/12/06 20:13:23.0649 ================================================================================
2010/12/06 20:13:23.0665 Detected object count: 1
2010/12/06 20:13:55.0877 \HardDisk0 - will be cured after reboot
2010/12/06 20:13:55.0877 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/06 20:14:13.0583 Deinitialize success
 
DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Matthew at 20:37:38.13 on Mon 12/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.9777 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ASUS.SYS\CONFIG\DVMExportService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
C:\Users\Matthew\AppData\Local\Apps\2.0\050NO893.YKW\Q86MGDYV.887\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
E:\Program Files (x86)\AirPort\APAgent.exe
E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
E:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
E:\Program Files (x86)\Logitech\G35\G35.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
E:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Matthew\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
mRun: [NUSB3MON] "E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [TurboV] "E:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
mRun: [AirPort Base Station Agent] "E:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [QFan Help] "E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "E:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [HP Software Update] E:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Logitech G35] E:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
StartupFolder: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://codestreet.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Java Console: No Registry Reference - E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys [2010-12-5 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys [2010-12-5 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys [2010-12-5 615040]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-4-25 24560]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2010-12-6 476792]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys [2010-12-5 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys [2010-12-5 451120]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/25 16:22:49];E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-5 202752]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-4-25 90112]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-4-25 376304]
R2 MDES;DVM Meta Data Export Service;C:\ASUS.SYS\CONFIG\DVMExportService.exe [2009-3-24 319488]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe [2010-12-5 126392]
R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 STRWCUService;Splashtop Remote Software Updater Service;C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe [2010-8-18 897168]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-5 6659072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-5 195584]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-6 132656]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-15 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service; [x]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-11-24 35840]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-4-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-25 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2010-4-27 46616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-26 1255736]

=============== Created Last 30 ================

2010-12-07 01:14:10 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{D32B9A92-0FB1-44C6-8177-E6D5A5689BD9}\mpengine.dll
2010-12-06 06:12:06 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys
2010-12-06 06:12:06 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtsp64.sys
2010-12-06 06:12:06 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys
2010-12-06 06:12:06 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys
2010-12-06 06:12:06 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtspx64.sys
2010-12-06 06:12:06 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys
2010-12-06 06:12:06 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys
2010-12-06 06:12:03 -------- d-----w- C:\Windows\System32\drivers\N360x64\0402000.00C
2010-12-06 03:24:20 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-12-06 03:23:17 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-12-06 03:23:17 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2010-12-06 03:23:17 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2010-12-06 03:23:16 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-12-06 03:23:16 -------- d-----w- C:\Program Files\Symantec
2010-12-06 03:23:16 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-12-06 03:22:37 -------- d-----w- C:\Windows\System32\drivers\N360x64
2010-12-06 03:22:36 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
2010-12-06 03:20:25 -------- d-----w- C:\PROGRA~3\Norton
2010-12-06 03:19:52 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-12-06 03:19:52 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-12-06 01:26:10 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-06 01:26:10 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-12-06 01:19:12 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2010-12-06 01:19:12 -------- d-----w- C:\Windows\RemotePackages
2010-12-06 01:04:14 -------- d-----w- C:\$WINDOWS.~LS
2010-12-05 23:40:29 -------- d-----w- C:\PROGRA~3\Uniblue
2010-12-05 23:39:33 -------- dc-h--w- C:\PROGRA~3\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-12-05 23:39:32 -------- d-----w- C:\Windows\SysWow64\RegistryBooster
2010-12-05 23:39:32 -------- d-----w- C:\Windows\System32\RegistryBooster
2010-12-05 23:29:48 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Uniblue
2010-12-05 23:29:45 -------- d-----w- C:\Program Files (x86)\Uniblue
2010-12-05 23:18:31 -------- d-----w- C:\perflogs
2010-11-26 23:40:58 -------- d-----w- C:\PROGRA~3\DeviceVM
2010-11-26 23:35:51 -------- d-----w- C:\Program Files (x86)\DeviceVM
2010-11-26 23:35:39 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
2010-11-25 02:58:56 53248 ----a-r- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-25 02:05:24 33328 ----a-w- C:\Windows\System32\drivers\pnarp.sys
2010-11-25 02:05:18 35376 ----a-w- C:\Windows\System32\drivers\purendis.sys
2010-11-25 02:05:11 -------- d-----w- C:\Program Files (x86)\Common Files\Pure Networks Shared
2010-11-25 02:04:55 -------- d-----w- C:\PROGRA~3\Pure Networks
2010-11-25 01:06:15 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2010-11-25 01:03:35 -------- d-----w- C:\Netgear
2010-11-24 00:53:08 -------- d-----w- C:\Program Files\iPod
2010-11-24 00:53:07 -------- d-----w- C:\Program Files\iTunes
2010-11-16 02:29:59 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll
2010-11-09 23:20:34 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-09 23:19:55 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-11-09 23:19:54 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2010-11-09 23:19:37 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-11-07 19:41:27 -------- d-----w- C:\Program Files (x86)\DKP Profiler Uploader
2010-11-07 19:41:20 73216 ----a-w- C:\Windows\ST6UNST.EXE
2010-11-07 19:41:20 249856 ------w- C:\Windows\Setup1.exe

==================== Find3M ====================

2010-11-30 01:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-25 03:42:41 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-25 03:42:41 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-25 03:42:41 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-25 03:42:41 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-25 02:58:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 19:34:50 377176 ----a-w- C:\Windows\System32\drivers\ladfSBVMamd64.sys
2010-09-29 19:34:48 62168 ----a-w- C:\Windows\System32\drivers\ladfDHP2amd64.sys
2010-09-29 19:34:26 78168 ----a-w- C:\Windows\System32\LADFCoinst_amd64.dll
2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-09 22:39:14 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

============= FINISH: 20:38:00.36 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 4/25/2010 6:12:07 AM
System Uptime: 12/6/2010 8:15:16 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6X58D PREMIUM
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 238 GiB total, 142.872 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1808.861 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1312.027 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 7400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel

==== System Restore Points ===================

RP296: 12/5/2010 6:46:53 PM - Windows Update
RP297: 12/5/2010 7:15:11 PM - Post Nightmare I hope
RP298: 12/5/2010 7:17:13 PM - Windows Backup
RP299: 12/6/2010 3:00:10 AM - Windows Update
RP300: 12/6/2010 5:14:02 PM - Windows Update
RP301: 12/6/2010 5:17:11 PM - Windows Modules Installer

==== Installed Programs ======================

3DMark Vantage
3DMark06
7300_Help
7400
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
AGEIA PhysX v7.09.13
AI Suite
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AirPort
Amazon MP3 Downloader 1.0.10
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASUSUpdate
ATI Catalyst Registration
Bloomberg Keyboard v10.5
Bloomberg PFM Upload Tool for Microsoft Excel
Bloomberg Professional Service
Bloomberg SFD Data Dictionary
BUFFALO NAS Navigator
BufferChm
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cisco Network Magic
Copy
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Curse Client
CyberLink Blu-ray Disc Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
Destinations
DeviceDiscovery
DKP Profiler
DocProc
DraftDominator Version 11.0L
Driver Genius Professional Edition
EPU-6 Engine
eReg
EVE Online (remove only)
Express Gate Tools
Fax
Feedback Tool
Futuremark SystemInfo
GPBaseService2
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
HydraVision
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Development Kit 6 Update 20
LastPass (uninstall only)
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Network Magic
Norton 360 Premier Edition
OpenAL
PC Probe II
Picasa 3
Pure Networks Platform
QuickTime
Rawr
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Red Light Center 3D Client
Remote Control USB Driver
RingCentral Voicemail Player
Safari
Scan
Seagate*DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SmartWebPrinting
SolidWorks eDrawings 2010
SolutionCenter
Sonos Desktop Controller
Splashtop Remote Software Updater
Spybot - Search & Destroy
Status
Steam
Teamwork
The Lord of the Rings FREE Trial
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboV
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Uninstall of File Security Tool
UnloadSupport
WebEx
WebReg
World of Warcraft
World of Warcraft Public Test
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/6/2010 8:15:35 PM, Error: Service Control Manager [7000] - The UFD Command Service service failed to start due to the following error: The system cannot find the path specified.
12/6/2010 8:15:35 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the path specified.
12/6/2010 8:10:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000469c5a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-31746-01.
12/6/2010 6:58:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/6/2010 6:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/6/2010 6:58:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/6/2010 6:58:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/6/2010 6:58:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800046d680c, 0xfffff88007367d80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-29702-01.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6 WfpLwf
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/6/2010 6:57:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/6/2010 6:57:55 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:46:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800046d5cd8, 0xfffff8800d350ab0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-31605-01.
12/6/2010 6:34:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003a9e2b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-34179-01.
12/6/2010 6:30:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:30:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2010 6:30:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 ccHP discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SYMTDIv Wanarpv6
12/6/2010 6:25:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/6/2010 6:04:39 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.50. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
12/6/2010 5:49:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003e7780c, 0xfffff8800ab6fd80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-26660-01.
12/5/2010 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB976422).
12/5/2010 7:12:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568).
12/5/2010 6:48:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
12/5/2010 6:48:13 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/5/2010 5:34:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
12/5/2010 5:34:52 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/5/2010 4:44:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000296c5e0, 0xfffff880055b8f30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-23181-01.
12/5/2010 4:44:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/5/2010 4:33:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/5/2010 4:31:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache MpFilter spldr Wanarpv6
12/5/2010 4:20:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
12/5/2010 3:52:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000329180c, 0xfffff8800283ed80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-27050-01.
12/5/2010 3:51:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
12/5/2010 3:16:34 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the file specified.
12/5/2010 3:16:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800032f4436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120510-16192-01.
12/5/2010 3:09:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/5/2010 3:09:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

==== End Of File ===========================
 
Very good :)

You're running two AV programs, Microsoft Security Essentials and Norton.
One of them has to go.
If Norton, make sure to use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

When done...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 229):
0x04813000 \SystemRoot\system32\ntoskrnl.exe
0x04DEF000 \SystemRoot\system32\hal.dll
0x00BCD000 \SystemRoot\system32\kdcom.dll
0x00CD2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D16000 \SystemRoot\system32\PSHED.dll
0x00D2A000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC8000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F1F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F28000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F32000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F65000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F72000 \SystemRoot\System32\drivers\partmgr.sys
0x00F87000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D88000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DA2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DAB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DD5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010A5000 \SystemRoot\system32\drivers\fltmgr.sys
0x010F1000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SYMDS64.SYS
0x0115F000 \SystemRoot\system32\drivers\fileinfo.sys
0x01173000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SYMEFA64.SYS
0x0120E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0144B000 \SystemRoot\System32\Drivers\cng.sys
0x014BE000 \SystemRoot\System32\drivers\pcw.sys
0x014CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014D9000 \SystemRoot\system32\drivers\ndis.sys
0x016BE000 \SystemRoot\system32\drivers\NETIO.SYS
0x0171E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01749000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01793000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x017A3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01AAC000 \SystemRoot\system32\DRIVERS\tdrpman.sys
0x01B40000 \SystemRoot\System32\Drivers\spldr.sys
0x01B48000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01B83000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BBD000 \SystemRoot\System32\Drivers\mup.sys
0x01BCF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x015CB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01BEB000 \SystemRoot\system32\DRIVERS\CLBStor.sys
0x01BF5000 \SystemRoot\System32\Drivers\Null.SYS
0x01AA3000 \SystemRoot\System32\Drivers\Beep.SYS
0x017EF000 \SystemRoot\System32\drivers\vga.sys
0x013CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0142D000 \SystemRoot\System32\drivers\watchdog.sys
0x016B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0143D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015F5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0105E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0106F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E31000 \SystemRoot\System32\Drivers\N360x64\0402000.00C\SYMTDIV.SYS
0x02EA7000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x02EDD000 \SystemRoot\system32\drivers\afd.sys
0x02F67000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02FAC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02FB5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02FDB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02E00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02E1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x011AE000 \SystemRoot\system32\drivers\N360x64\0402000.00C\Ironx64.SYS
0x02FEA000 \SystemRoot\system32\drivers\N360x64\0402000.00C\SRTSPX64.SYS
0x04235000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04286000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04292000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0429D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSvia64.sys
0x04318000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x0438E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x043B3000 \SystemRoot\System32\drivers\discache.sys
0x044D4000 \SystemRoot\system32\drivers\csc.sys
0x04557000 \SystemRoot\System32\Drivers\dfsc.sys
0x04400000 \SystemRoot\system32\drivers\N360x64\0402000.00C\ccHPx64.sys
0x0449C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04640000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
0x0472D000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
0x04733000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x0475F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04775000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x047A5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x047A7000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A6C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05292000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05386000 \SystemRoot\System32\drivers\dxgmms1.sys
0x053CC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x053F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05256000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05116000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0548B000 \SystemRoot\system32\drivers\ctaud2k.sys
0x05531000 \SystemRoot\system32\drivers\portcls.sys
0x0556E000 \SystemRoot\system32\drivers\drmk.sys
0x05590000 \SystemRoot\system32\drivers\ks.sys
0x05400000 \SystemRoot\system32\drivers\ctoss2k.sys
0x05431000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x05439000 \SystemRoot\system32\drivers\ksthunk.sys
0x0543F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0547D000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x055D3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x055E0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x055E9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05267000 \SystemRoot\system32\DRIVERS\serscan.sys
0x0526F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0517B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05285000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0519F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x051CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04A3B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04A46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04A55000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x055F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x055FB000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x051E9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04739000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04575000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0681F000 \SystemRoot\system32\drivers\ha20x2k.sys
0x069A0000 \SystemRoot\system32\drivers\emupia2k.sys
0x04600000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x06A53000 \SystemRoot\system32\drivers\ctac32k.sys
0x06B01000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06B16000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x06B31000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x06E69000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x06FC6000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x07438000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x07672000 \SystemRoot\System32\drivers\Dxapi.sys
0x0767E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0768C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07698000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x076A1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x076B4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x076D1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x076DF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x076F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07701000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x07716000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07723000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x07737000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07745000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00720000 \SystemRoot\System32\cdd.dll
0x07753000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x07764000 \SystemRoot\system32\drivers\luafv.sys
0x07787000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0x0779E000 \SystemRoot\system32\drivers\WudfPf.sys
0x06B66000 \SystemRoot\System32\Drivers\CLBUDF.SYS
0x077BF000 \SystemRoot\System32\Drivers\LGPBTDD.sys
0x077CA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06E00000 \SystemRoot\system32\DRIVERS\udfs.sys
0x07400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x077E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06E54000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x06BD0000 \SystemRoot\system32\DRIVERS\purendis.sys
0x06BDC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03ABE000 \SystemRoot\system32\drivers\HTTP.sys
0x03B86000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03BA4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03BBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03A71000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x070DC000 \SystemRoot\system32\drivers\peauth.sys
0x07182000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0718D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x071BA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x071CC000 \??\E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
0x07000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09AC9000 \SystemRoot\System32\DRIVERS\srv.sys
0x09B5F000 \SystemRoot\System32\Drivers\N360x64\0402000.00C\SRTSP64.SYS
0x0B417000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\EX64.SYS
0x0B5D5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\ENG64.SYS
0x0B5F5000 \SystemRoot\system32\drivers\LGVirHid.sys
0x09A00000 \SystemRoot\system32\drivers\mrxdav.sys
0x09A28000 \SystemRoot\system32\drivers\spsys.sys
0x771F0000 \Windows\System32\ntdll.dll
0x48380000 \Windows\System32\smss.exe
0xFF510000 \Windows\System32\apisetschema.dll
0xFF120000 \Windows\System32\autochk.exe
0x770F0000 \Windows\System32\user32.dll
0xFF380000 \Windows\System32\urlmon.dll
0xFF370000 \Windows\System32\lpk.dll
0xFF2D0000 \Windows\System32\msvcrt.dll
0xFF230000 \Windows\System32\clbcatq.dll
0xFF200000 \Windows\System32\imm32.dll
0xFF0D0000 \Windows\System32\wininet.dll
0xFF080000 \Windows\System32\Wldap32.dll
0xFEEA0000 \Windows\System32\setupapi.dll
0xFEDC0000 \Windows\System32\oleaut32.dll
0xFED40000 \Windows\System32\shlwapi.dll
0x773C0000 \Windows\System32\psapi.dll
0xFEAE0000 \Windows\System32\iertutil.dll
0x76FD0000 \Windows\System32\kernel32.dll
0xFEAC0000 \Windows\System32\sechost.dll
0xFE9B0000 \Windows\System32\msctf.dll
0xFE910000 \Windows\System32\comdlg32.dll
0xFE890000 \Windows\System32\difxapi.dll
0xFE820000 \Windows\System32\gdi32.dll
0xFE750000 \Windows\System32\usp10.dll
0xFE740000 \Windows\System32\nsi.dll
0xFE660000 \Windows\System32\advapi32.dll
0x773B0000 \Windows\System32\normaliz.dll
0xFE530000 \Windows\System32\rpcrt4.dll
0xFE320000 \Windows\System32\ole32.dll
0xFE2D0000 \Windows\System32\ws2_32.dll
0xFE2B0000 \Windows\System32\imagehlp.dll
0xFD520000 \Windows\System32\shell32.dll
0xFD500000 \Windows\System32\devobj.dll
0xFD490000 \Windows\System32\KernelBase.dll
0xFD3F0000 \Windows\System32\comctl32.dll
0xFD3B0000 \Windows\System32\wintrust.dll
0xFD240000 \Windows\System32\crypt32.dll
0xFD200000 \Windows\System32\cfgmgr32.dll
0xFD1F0000 \Windows\System32\msasn1.dll
0x76810000 \Windows\SysWOW64\normaliz.dll

Processes (total 114):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
656 csrss.exe
740 C:\Windows\System32\wininit.exe
764 csrss.exe
796 C:\Windows\System32\services.exe
816 C:\Windows\System32\lsass.exe
824 C:\Windows\System32\lsm.exe
924 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\winlogon.exe
472 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\atiesrxx.exe
1092 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1332 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1392 C:\Windows\System32\svchost.exe
1572 WUDFHost.exe
1604 C:\Windows\System32\atieclxx.exe
1640 WUDFHost.exe
1700 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\spoolsv.exe
1852 C:\Windows\System32\svchost.exe
1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2024 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1476 C:\Windows\System32\svchost.exe
1688 C:\Windows\SysWOW64\svchost.exe
2052 C:\ASUS.SYS\CONFIG\DVMExportService.exe
2124 WUDFHost.exe
2188 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
2248 C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
2284 C:\Windows\System32\svchost.exe
2340 C:\Windows\System32\svchost.exe
2400 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2432 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
2576 C:\Windows\System32\svchost.exe
2596 C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
2640 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2708 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3200 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3764 C:\Windows\System32\svchost.exe
3788 C:\Windows\System32\SearchIndexer.exe
3948 C:\Windows\System32\svchost.exe
3912 C:\Windows\System32\taskhost.exe
3212 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
1684 C:\Windows\System32\taskeng.exe
4196 E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
4272 C:\Windows\System32\dwm.exe
4316 C:\Windows\explorer.exe
4624 C:\Program Files\Logitech\SetPointP\LBTWiz.exe
4672 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
4684 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4768 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
4776 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
4868 C:\Program Files\Logitech\SetPointP\SetPoint.exe
4924 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
4956 C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
5008 C:\Users\Matthew\AppData\Local\Apps\2.0\050NO893.YKW\Q86MGDYV.887\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
5016 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
5072 C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
5104 C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
4564 E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
5220 C:\Program Files\Logitech\SetPointG\SetPointII.exe
5228 E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
5372 E:\Program Files (x86)\AirPort\APAgent.exe
5496 E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
5784 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
5800 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
5840 E:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
5884 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
5992 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
6076 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
6108 E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
1080 E:\Program Files (x86)\Logitech\G35\G35.exe
5272 C:\Windows\SysWOW64\Ctxfihlp.exe
5396 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
468 C:\Windows\SysWOW64\CTxfispi.exe
5952 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
952 C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
5168 C:\Program Files\Windows Media Player\wmpnetwk.exe
6340 C:\Windows\System32\svchost.exe
6752 C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
6564 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
6940 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
6884 taskhost.exe
6224 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
1496 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
1980 E:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
6172 E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
7336 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
7412 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
7604 C:\Windows\System32\sppsvc.exe
7024 C:\Windows\System32\svchost.exe
5792 WUDFHost.exe
6648 C:\Program Files\iPod\bin\iPodService.exe
10100 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8020 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
9448 C:\Program Files (x86)\Internet Explorer\iexplore.exe
10684 C:\Windows\servicing\TrustedInstaller.exe
2236 C:\Program Files (x86)\Internet Explorer\iexplore.exe
10492 C:\Windows\System32\audiodg.exe
8360 C:\Windows\System32\msiexec.exe
10556 C:\Windows\System32\svchost.exe
2088 C:\Windows\System32\SearchProtocolHost.exe
10436 C:\Windows\System32\SearchFilterHost.exe
11168 C:\Windows\SysWOW64\dllhost.exe
9152 dllhost.exe
9260 dllhost.exe
4332 C:\Users\Matthew\Desktop\MBRCheck.exe
11000 C:\Windows\System32\conhost.exe
4068 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive2 Model Number: CORSAIRCMFSSD-256GBG2D
PhysicalDrive0 Model Number: ST32000641AS, Rev: CC13
PhysicalDrive1 Model Number: ST32000641AS, Rev: CC13

Size Device Name MBR Status
--------------------------------------------
238 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1863 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 12/6/2010 9:24:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 78.00% Memory free
30.00 Gb Paging File | 27.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 142.82 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1808.86 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1312.03 Gb Free Space | 70.43% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-OFFICE | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CDDE7049-3EC8-933E-69C9-C65B3AAD8E24}" = ATI Problem Report Wizard
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{EB78DD44-9AEE-7160-4AC3-053636D393C6}" = ATI AVIVO64 Codecs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{098BC897-4F0D-4D27-B7D2-9723D432CB41}" = RingCentral Voicemail Player
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2D6E56F0-A066-467F-A115-3EE3D7DFBE0A}" = Teamwork
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30BEFEDE-0B7A-4659-ADD8-C82F00B64288}" = 7400
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74487955-B85B-4040-A3B6-9EAC0A8AD198}" = AirPort
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C22E4E-4543-4906-9058-691F06DE45DE}" = Splashtop Remote Software Updater
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8B31B99-1D1A-4B8E-AFC6-AECB2EE08FC6}" = SolidWorks eDrawings 2010
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7951681-CCC7-24AA-7BFE-9647F477DCFF}" = HydraVision
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALchemy" = Creative ALchemy
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AudioCS" = Creative Audio Control Panel
"Bloomberg Keyboard v10.5" = Bloomberg Keyboard v10.5
"Bloomberg PFM Upload Tool for Microsoft Excel" = Bloomberg PFM Upload Tool for Microsoft Excel
"Bloomberg Professional Service" = Bloomberg Professional Service
"Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DraftDominator_is1" = DraftDominator Version 11.0L
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EVE" = EVE Online (remove only)
"FileHippo.com" = FileHippo.com Update Checker
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"N360" = Norton 360 Premier Edition
"Network MagicUninstall" = Network Magic
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Red Light Center 3D Client" = Red Light Center 3D Client
"ST6UNST #1" = DKP Profiler
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TurboTax 2008" = TurboTax 2008
"UN060501" = BUFFALO NAS Navigator
"UN070209" = Uninstall of File Security Tool
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"WaveStudio 7" = Creative WaveStudio 7
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"834936787.elitistjerks.com" = Rawr
"LastPass" = LastPass (uninstall only)
"Teamwork" = Teamwork

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 9:18:44 PM | Computer Name = Matthew-Office | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16671 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8ed0 Start
Time: 01cb95ac99efcf8f Termination Time: 7 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: ecdbdf9e-019f-11e0-8120-485b392852d0

Error - 12/6/2010 9:19:23 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
process id: 0x9058 Faulting application start time: 0x01cb95acc64b70d5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
LPBar.dll Report Id: 05b3f2ae-01a0-11e0-8120-485b392852d0

Error - 12/6/2010 9:19:57 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
process id: 0x3010 Faulting application start time: 0x01cb95acdab67c3e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
LPBar.dll Report Id: 1a03ad81-01a0-11e0-8120-485b392852d0

Error - 12/6/2010 9:20:12 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
process id: 0x95f0 Faulting application start time: 0x01cb95ace2c8cbcf Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
LPBar.dll Report Id: 22d04f1c-01a0-11e0-8120-485b392852d0

Error - 12/6/2010 9:20:31 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
process id: 0x940c Faulting application start time: 0x01cb95acee65fd18 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
LPBar.dll Report Id: 2e660639-01a0-11e0-8120-485b392852d0

Error - 12/6/2010 9:21:14 PM | Computer Name = Matthew-Office | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: LPBar.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c39f782 Exception code: 0xc0000005 Fault offset: 0x102a4780 Faulting
process id: 0x1690 Faulting application start time: 0x01cb95ad07fd4445 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
LPBar.dll Report Id: 4825485c-01a0-11e0-8120-485b392852d0

Error - 12/6/2010 9:29:48 PM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/6/2010 10:16:39 PM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
Description = 592: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/7/2010 12:14:13 AM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
Description = 600: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/7/2010 12:14:23 AM | Computer Name = Matthew-Office | Source = Bonjour Service | ID = 100
Description = 540: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 12/6/2010 10:58:16 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 12/6/2010 11:05:39 PM | Computer Name = Matthew-Office | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:00:48 PM on 12/6/2010 was unexpected.

Error - 12/6/2010 11:05:43 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The UFD Command Service service failed to start due to the following
error: %%3

Error - 12/6/2010 11:05:44 PM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%3

Error - 12/7/2010 12:10:27 AM | Computer Name = Matthew-Office | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:44:29 PM on 12/6/2010 was unexpected.

Error - 12/7/2010 12:10:41 AM | Computer Name = Matthew-Office | Source = BugCheck | ID = 1001
Description =

Error - 12/7/2010 12:10:42 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The UFD Command Service service failed to start due to the following
error: %%3

Error - 12/7/2010 12:10:42 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%3

Error - 12/7/2010 12:15:35 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The UFD Command Service service failed to start due to the following
error: %%3

Error - 12/7/2010 12:15:35 AM | Computer Name = Matthew-Office | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%3


< End of report >
 
OTL logfile created on: 12/6/2010 9:24:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 78.00% Memory free
30.00 Gb Paging File | 27.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 142.82 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1808.86 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1312.03 Gb Free Space | 70.43% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-OFFICE | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
PRC - [2010/11/13 11:13:08 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
PRC - [2010/11/12 16:34:52 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2010/11/10 19:18:32 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- E:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010/08/31 20:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/18 10:11:16 | 000,897,168 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe
PRC - [2010/07/20 04:02:36 | 000,802,960 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/02/12 10:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2010/01/13 19:55:10 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009/11/11 14:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/02 18:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/10/02 16:26:44 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\TurboV\TurboV.exe
PRC - [2009/09/25 21:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/19 03:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/24 11:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
PRC - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/24 02:05:30 | 001,557,912 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/07/11 05:22:56 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2008/05/27 05:36:20 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe


========== Modules (SafeList) ==========

MOD - [2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 01:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/04/06 18:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/15 18:31:13 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/18 10:11:16 | 000,897,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Splashtop Remote Software Updater\WCUService.exe -- (STRWCUService)
SRV - [2010/07/23 15:35:54 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/04/25 15:03:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/25 14:53:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/19 03:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 11:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)
SRV - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/07/11 05:22:56 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2006/02/15 13:37:12 | 000,069,632 | ---- | M] (Generic) [Auto | Stopped] -- C:\Windows\SysWow64\ufdsvc.exe -- (UFDSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/05 19:23:16 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/05/05 20:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/25 14:29:09 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/04/25 14:29:09 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/04/25 14:29:09 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/04/25 14:29:09 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/04/21 19:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/06 18:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/04/06 18:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 17:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/18 01:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 01:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/25 16:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/15 02:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/01/27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/14 19:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/10/07 13:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/09/30 06:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/25 21:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 21:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/24 20:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/01/24 15:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2010/12/05 19:42:21 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\EX64.SYS -- (NAVEX15)
DRV - [2010/12/05 19:42:21 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/05 19:42:21 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.024\ENG64.SYS -- (NAVENG)
DRV - [2010/12/05 19:42:20 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/23 03:34:08 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/22 23:47:46 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/08/28 17:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/25 16:22:49] [Kernel | Auto | Running] -- E:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E0 6C 33 F9 6E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/24 03:02:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/10 20:21:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/12/05 21:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/12/05 19:23:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2010/09/26 07:47:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/26 07:47:35 | 000,000,000 | ---D | M]

[2010/06/21 05:40:24 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2010/06/21 05:41:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions
[2010/06/21 05:41:26 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\r5m2goou.default\extensions\support@lastpass.com

O1 HOSTS File: ([2010/08/24 20:40:49 | 000,416,976 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14389 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AirPort Base Station Agent] E:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] E:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Logitech G35] E:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmapp] E:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NUSB3MON] E:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] E:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] E:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Matthew\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://codestreet.webex.com/client/T27LB/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 21:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2010/12/05 22:12:06 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/12/05 22:12:06 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/12/05 22:12:06 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/12/05 22:12:06 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/12/05 22:12:06 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/12/05 22:12:06 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/12/05 22:12:06 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/12/05 22:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/12/05 19:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/12/05 19:23:16 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/12/05 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/05 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/12/05 19:22:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/12/05 19:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
[2010/12/05 19:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/05 19:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/05 19:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/12/05 18:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/05 17:34:39 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/12/05 17:34:33 | 000,455,168 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/12/05 17:34:33 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/12/05 17:34:33 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/12/05 17:34:31 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/12/05 17:19:12 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2010/12/05 17:19:12 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
[2010/12/05 17:04:14 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2010/12/05 15:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/12/05 15:39:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
[2010/12/05 15:39:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RegistryBooster
[2010/12/05 15:39:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RegistryBooster
[2010/12/05 15:29:48 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Uniblue
[2010/12/05 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/12/05 15:18:31 | 000,000,000 | ---D | C] -- C:\perflogs
[2010/11/26 15:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2010/11/26 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
[2010/11/26 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2010/11/24 18:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pure Networks Shared
[2010/11/24 18:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2010/11/24 17:06:15 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/11/24 17:03:35 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/11/23 16:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/23 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/09 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/07 11:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DKP Profiler Uploader
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
END PART 1 TOO LONG
 
PART 2

========== Files - Modified Within 30 Days ==========

[2010/12/06 21:24:34 | 001,210,332 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/12/06 20:56:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/12/06 20:22:27 | 000,746,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/06 20:22:27 | 000,639,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/06 20:22:27 | 000,111,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/06 20:15:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/12/06 20:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 20:15:28 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 20:14:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/12/06 20:14:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/12/06 20:14:33 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/12/06 20:14:28 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 20:14:28 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 20:14:27 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2010/12/06 20:10:23 | 778,072,592 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/06 18:05:29 | 000,000,800 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/06 17:31:22 | 000,002,564 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/12/05 19:23:16 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/12/05 19:23:16 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/12/05 19:23:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/12/05 17:16:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/12/05 17:16:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/12/05 16:48:18 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2010/12/05 15:39:14 | 000,001,087 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 19:47:27 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/11/24 19:47:27 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/11/24 19:42:41 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/24 19:42:41 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/24 19:42:41 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/11/24 18:53:58 | 000,426,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/24 18:07:14 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2010/11/23 16:53:17 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/23 16:51:33 | 000,002,515 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/23 16:51:33 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/11/23 16:50:46 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
[2010/11/09 15:31:59 | 000,001,441 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2010/12/06 17:31:08 | 001,210,332 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/12/05 22:12:06 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/12/05 22:12:06 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/12/05 22:12:06 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/12/05 22:12:06 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/12/05 22:12:06 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/12/05 22:12:06 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/12/05 22:12:06 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/12/05 22:12:06 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/12/05 22:12:06 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/12/05 22:12:06 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/12/05 22:12:06 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/12/05 22:12:06 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/12/05 22:12:06 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/12/05 22:12:06 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/12/05 22:12:06 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/12/05 22:12:06 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/12/05 22:12:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/12/05 19:23:16 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/12/05 19:23:16 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/12/05 19:23:13 | 000,002,564 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/12/05 17:34:39 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2010/12/05 17:34:39 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2010/12/05 17:34:39 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/12/05 17:34:38 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/05 17:34:37 | 000,515,424 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/12/05 17:34:36 | 000,002,023 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/12/05 17:34:33 | 000,515,424 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/12/05 17:34:33 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/12/05 17:34:32 | 000,202,234 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/12/05 17:18:46 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
[2010/12/05 16:48:18 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2010/12/05 16:40:33 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/12/05 16:40:33 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/12/05 15:39:14 | 000,001,087 | ---- | C] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/12/05 15:29:50 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/12/05 15:16:26 | 778,072,592 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/05 15:09:07 | 1066,749,950 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/24 19:47:27 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/11/24 19:47:27 | 000,001,072 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/11/24 19:47:27 | 000,001,072 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010/11/24 19:47:27 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/11/24 18:07:14 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2010/11/23 16:53:17 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/22 18:00:37 | 000,005,632 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 15:35:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/05/05 19:56:20 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/04/25 16:07:22 | 000,010,628 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/25 15:34:36 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/25 15:13:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/25 14:53:34 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/04/25 14:53:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/04/25 14:41:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/04/25 14:41:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/04/25 14:41:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/04/25 14:41:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/04/25 14:36:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/25 14:36:47 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/02/10 14:17:14 | 000,007,602 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
[2009/12/07 19:56:59 | 000,000,092 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\fusioncache.dat
[2009/11/26 21:14:02 | 000,108,840 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2009/11/26 16:51:01 | 003,516,753 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\IconCache (1).db
[2009/09/29 17:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/09/02 10:35:28 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI
[2008/07/28 08:06:48 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/04/26 10:20:57 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Amazon
[2010/07/23 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\DassaultSystemes
[2010/07/23 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\EDrawings
[2010/04/25 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Leadertech
[2010/05/08 10:55:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\NASNaviator2
[2010/04/25 15:35:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\NVD
[2010/06/21 05:59:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SoftGrid Client
[2010/06/28 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Teamwork
[2010/04/25 15:35:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TP
[2010/12/05 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Uniblue
[2010/07/11 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Utherverse
[2010/06/01 11:04:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\webex
[2010/12/06 20:15:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/10/07 14:52:10 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/05 16:48:18 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2010/12/06 20:14:27 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2010/12/06 20:56:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/12/06 20:15:28 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 08:09:13 | 000,000,000 | ---- | M] () -- C:\ieout.txt
[2010/04/26 06:49:55 | 000,297,551 | ---- | M] () -- C:\lastpass_prof.txt
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/12/06 17:02:29 | 000,192,322 | ---- | M] () -- C:\OTL.Txt
[2010/12/06 20:15:29 | 2145,386,495 | -HS- | M] () -- C:\pagefile.sys
[2010/12/06 20:14:13 | 000,073,622 | ---- | M] () -- C:\TDSSKiller.2.4.10.1_06.12.2010_20.13.09_log.txt
[2010/04/25 14:26:10 | 000,029,512 | ---- | M] () -- C:\WindowsSerifastd-black.otf
[2010/04/25 14:26:10 | 000,027,772 | ---- | M] () -- C:\WindowsSerifastd-bold.otf
[2010/04/25 14:26:10 | 000,028,252 | ---- | M] () -- C:\WindowsSerifastd-italic.otf
[2010/04/25 14:26:11 | 000,027,440 | ---- | M] () -- C:\WindowsSerifastd-light.otf
[2010/04/25 14:26:11 | 000,028,260 | ---- | M] () -- C:\WindowsSerifastd-lightitalic.otf
[2010/04/25 14:26:11 | 000,027,452 | ---- | M] () -- C:\WindowsSerifastd-roman.otf

< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/09 15:31:59 | 000,000,221 | -HS- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/02/09 18:49:39 | 000,460,112 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\Matthew\Desktop\GPU-Z.0.3.8.exe
[2010/12/06 21:10:31 | 000,080,384 | ---- | M] () -- C:\Users\Matthew\Desktop\MBRCheck.exe
[2010/12/06 21:22:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 14:34:20 | 000,000,402 | -HS- | M] () -- C:\Users\Matthew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/05 17:35:41 | 000,010,628 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Running Fine now as is IE8 .... Thanks Again for all this Help! I really Appreciate it ... Just tried to post the OTL.txt 's in 2 parts cause too long ... but don't see em yet ... maybe you do? ...

Thanks - Matt
 
Attached as is too long ... or should I cut up and re-paste?

Sorry
 

Attachments

  • OTL.Txt
    128.1 KB · Views: 2
I strongly suggest you uninstall Uniblue SpeedUpMyPC and Uniblue RegistryBooster.

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4 - HKLM..\Run: [] File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
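
An added example, not part of the thread and not OTL's own code: one way to triage the fix log above by sorting each action line into "deleted successfully" or "not found" and grouping the results by the CLSID the fix targeted. The log excerpt is copied from the post; the function names are illustrative, and only the two result phrases visible in this log are recognized, so any other wording is returned separately for manual review.

```python
import re
from collections import Counter
# "OTL" section of the fix log, copied from the post above.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
"""

# "<Registry key|Registry value> <target> <result>."; lines without a prefix are files.
ACTION = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value) )?(?P<target>.+?) "
    r"(?P<result>deleted successfully|not found)\.$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_fix_log(text):
    """Return (actions, unrecognized) for the action lines of a fix log."""
    actions, unrecognized = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("=", "Starting removal of")):
            continue  # blank lines, section banners, progress lines
        m = ACTION.match(line)
        if m is None:
            unrecognized.append(line)  # wording not seen in this log: review by hand
            continue
        guid = GUID.search(m["target"])
        actions.append({"kind": m["kind"] or "File", "target": m["target"],
                        "result": m["result"], "guid": guid and guid.group(0)})
    return actions, unrecognized

def results_by_guid(actions):
    """Map each CLSID the fix touched to a Counter of the results logged for it."""
    out = {}
    for a in actions:
        if a["guid"]:
            out.setdefault(a["guid"], Counter())[a["result"]] += 1
    return out

if __name__ == "__main__":
    actions, unknown = parse_fix_log(FIX_LOG)
    print(results_by_guid(actions), "needs manual review:", unknown)
```

A "not found" line records that the key or file was already absent when the fix ran, so the lines worth a second look are the ones that land in the unrecognized list.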
 
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 20
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.0
Mozilla Firefox (3.6.3) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Unless you're a Java developer, uninstall Java(TM) SE Development Kit 6 Update 20.
 
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
C:\Users\Matthew\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
C:\Windows\System32\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
C:\Windows\SysWOW64\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
F:\MATTHEW-OFFICE\Backup Set 2010-12-05 191710\Backup Files 2010-12-05 191710\Backup files 24.zip Win32/RegistryBooster application
Operating memory Win32/SpeedUpMyPC application
 