Solved Firefox keeps freezing and keeps not responding... HiJackThis log attached!

ryukensfj

Hello all,

I'm currently having a problem with Firefox freezing up, but if you wait a bit it comes back. I've run Malwarebytes, Ad-Aware, Spybot, and CCleaner, all in Safe Mode, thinking it could be a virus/malware. It would happen occasionally, but atm it is not doing it... I'm using Firefox to post this. Other than this issue I don't have any other problems. I tried running ComboFix, but good thing it didn't work because I'm on Windows 7 64-bit. After seeing the stickied thread I decided not to pursue ComboFix until I get advice from the professionals.

Here is my HiJackThis log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:26 PM, on 9/1/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\my download files\G15SpeedFan-1.1.0\G15SpeedFan.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Users\Jonathan Wu\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEA.EXE /FU "C:\Users\JONATH~1\AppData\Local\Temp\E_S2A39.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: RivaTuner.lnk = C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O15 - Trusted IP range: http://127.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 11822 bytes
 
Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4527

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/1/2010 10:22:44 PM
mbam-log-2010-09-01 (22-22-44).txt

Scan type: Quick scan
Objects scanned: 141106
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS.txt

DDS (Ver_10-03-17.01) - NTFSX64
Run by Jonathan Wu at 22:23:44.09 on Wed 09/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.5829 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
E:\my download files\G15SpeedFan-1.1.0\G15SpeedFan.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Users\Jonathan Wu\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files (x86)\virtual account numbers\CitiVANHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files (x86)\virtual account numbers\CitiVANToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\x64\3\e_iaticea.exe /fu "c:\users\jonath~1\appdata\local\temp\E_S2A39.tmp" /EF "HKCU"
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [<NO NAME>]
mRun: [NUSB3MON] "c:\program files (x86)\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rivatu~1.lnk - c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files (x86)\speedfan\speedfan.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll acaptuser32.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonath~1\appdata\roaming\mozilla\firefox\profiles\cu5ng713.default\
FF - prefs.js: browser.startup.homepage - hxxp://nissan.promo.eprize.com/nismo/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\jonathan wu\appdata\roaming\mozilla\firefox\profiles\cu5ng713.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\users\jonathan wu\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\jonathan wu\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
 
DDS.txt continued

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-26 22568]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-6-16 25312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\marvell\raid\svc\mvraidsvc.exe [2010-3-7 235560]
R2 MRUWebService;MRU Web Service;c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe [2008-6-12 24635]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\netgear\wnda3100v2\WifiSvc.exe [2010-6-20 278528]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-2-3 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh664.sys [2010-6-16 838136]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\drivers\WN111x.sys [2007-10-28 340480]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2010-5-17 659488]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\drivers\netr7364.sys [2010-6-7 716800]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736]

=============== Created Last 30 ================

2010-09-01 22:13:56 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-09-01 22:13:56 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-31 22:20:26 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-31 02:06:51 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-31 02:06:51 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-26 02:41:51 0 d-----w- c:\users\jonath~1\appdata\roaming\saltwater
2010-08-26 01:14:39 0 d-----w- c:\program files (x86)\Power Mp3 Cutter(Mp3 Sound Cutter)
2010-08-26 01:09:05 352256 ----a-w- c:\windows\syswow64\eSellerateEngine.dll
2010-08-24 06:34:56 92160 ----a-w- c:\windows\system32\drivers\ser2pl64.sys
2010-08-22 21:07:21 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-22 21:07:21 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-22 21:07:21 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-13 19:03:18 65536 --sha-w- c:\users\jonathan wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TM.blf
2010-08-13 19:03:18 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
2010-08-13 19:03:18 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
2010-08-13 18:51:26 65536 --sha-w- c:\users\jonathan wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TM.blf
2010-08-13 18:51:26 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
2010-08-13 18:51:26 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
2010-08-09 12:23:48 65536 --sha-w- c:\users\jonathan wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TM.blf
2010-08-09 12:23:48 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
2010-08-09 12:23:48 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
2010-08-09 11:32:21 65536 --sha-w- c:\users\jonathan wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TM.blf
2010-08-09 11:32:21 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000002.regtrans-ms
2010-08-09 11:32:21 524288 --sha-w- c:\users\jonathan wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-09-01 23:47:40 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-13 19:03:47 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-13 19:03:47 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-17 12:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-09 23:27:02 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 23:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 23:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 23:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 23:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 20:46:54 660072 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-07 23:56:03 305152 ----a-w- c:\windows\system32\RaCoInstx.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-11-30 21:14:02 315392 ----a-w- c:\windows\inf\wn111\InstProtocol.exe
2007-10-29 03:22:32 340480 ----a-w- c:\windows\inf\wn111\WN111x.sys
2007-10-29 03:21:54 310016 ----a-w- c:\windows\inf\wn111\WN111.sys
2007-09-11 10:23:46 18944 ----a-w- c:\windows\inf\wn111\mrv64drv.sys
2007-09-11 10:23:46 15360 ----a-w- c:\windows\inf\wn111\mrveap32.sys
2007-05-24 21:58:00 249856 ----a-w- c:\windows\inf\wn111\InsDrv2k.exe
2006-07-05 18:21:50 212992 ----a-w- c:\windows\inf\wn111\CopyWHQLDriver.exe
2005-11-17 22:46:24 845736 ----a-w- c:\windows\inf\wn111\DPInst.exe
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 08:00:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:24:31.41 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2005 4:12:57 PM
System Uptime: 8/31/2010 4:09:29 PM (5 hours ago)

Motherboard: Dell Inc. | | 0J8885
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 11.439 GiB free.
D: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 393.502 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Zune Bus Root Bus Enumerator
Device ID: ROOT\SYSTEM\0004
Manufacturer: Microsoft
Name: Zune Bus Root Bus Enumerator
PNP Device ID: ROOT\SYSTEM\0004
Service: zumbus

==== System Restore Points ===================

RP1: 8/22/2010 4:17:03 PM - System Checkpoint
RP2: 8/23/2010 1:20:31 AM - Software Distribution Service 3.0
RP3: 8/24/2010 12:53:20 AM - Software Distribution Service 3.0
RP4: 8/25/2010 10:13:56 PM - Scan
RP5: 8/26/2010 1:00:51 PM - Software Distribution Service 3.0
RP6: 8/26/2010 6:00:43 PM - Software Distribution Service 3.0
RP7: 8/26/2010 10:12:35 PM - Software Distribution Service 3.0
RP8: 8/28/2010 11:32:29 PM - System Checkpoint
RP9: 8/30/2010 12:33:35 AM - System Checkpoint
RP10: 8/30/2010 1:16:14 AM - Software Distribution Service 3.0
RP11: 8/30/2010 11:11:41 PM - Software Distribution Service 3.0
RP12: 8/30/2010 11:28:03 PM - New idea
RP13: 8/31/2010 3:37:04 PM - HiJackthis(wilder)
RP14: 8/31/2010 8:52:23 PM - Removed Logitech Desktop Messenger

==== Installed Programs ======================

Sansa Media Converter
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
AGEIA PhysX v7.09.13
Alt-Tab Task Switcher Powertoy for Windows XP
AM-DeadLink 3.1
AmbiCom WL11-SD for Windows Mobile
AOLIcon
AppAway 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Argali White & Yellow
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AudibleManager
Auslogics Disk Defrag
AVI Splitter
Avira AntiVir Personal - Free Antivirus
Barnes & Noble Desktop Reader
BitPim 1.0.1
Blue Coat® K9 Web Protection 4.0.296
Blue Squirrel ClickBook 11
BlueBlitz MagicBeamer Demo
BlueSoleil
Bonjour
Browser Defender 2.0.6.15
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Comcast PhotoShow Deluxe 4
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative ZEN
Creative Zen Vision M
Cryptainer Drivers
Cryptainer LE
CutePDF Writer 2.7
DataPilot
DataPilot USB Driver Pack
Debut Video Capture Software
Dell Digital Jukebox Driver
Dell Support Center (Support Software)
DellSupport
Disk Space Finder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-Sword
eMedia Beginner Guitar Lessons
EPSON CX9400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX9400Fax Series Scanner Driver Update
EPSON Web-To-Page
Eraser
ESET Online Scanner v3
Express Scribe
File Shredder 2.0
FlashLynx Video Download Software
Folder Size for Windows
FormatFactory 2.30
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
FreeUndelete
Full Tilt Poker
G-Force
getPlus(R)_ocx
GIMP 2.6.8
GiPo@MoveOnBoot 1.9.5
Golden Records Vinyl to CD Converter
Google Earth
Google Update Helper
Graboid Video 1.5
Guitar Praise
HelloWorld Spanish Verb Conjugator V2.0
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Slideshow Powertoy for Windows XP
IE Privacy Keeper
Inspector Parker
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Software v9.2.4.11
Intel(R) PROSafe for Wired Connections
Internet Explorer Default Page
IrfanView (remove only)
iTunes
IZArc 3.81
JAP
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 21
Jawbreaker
K-Lite Codec Pack 4.9.5 (Full)
Keylogger Hunter 2.1
KhalInstallWrapper
KhalSetup
Korean Fonts Support For Adobe Reader 9
Learn2 Player (Uninstall Only)
LG USB Modem driver
LimeWire 4.18.8
Logitech SetPoint
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader for Pocket PC
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft Works 6-9 Converter
MOBILedit! 2.2
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.6.8)
MP3 Player Recovery Tool
MP3MyMP3 3.0
MPlugin_USA
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
MyDefrag v4.3.1
NCH Toolbox
Ocean - Research Library
OpenOffice.org 2.3
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
OverDrive Media Console
Paint.NET v3.5.5
Panda ActiveScan 2.0
PDF reDirect (remove only)
Photodex Presenter
Picasa 3
PitchPerfect Musical Instrument Tuner
Pocket e-Sword (2005)
PowerDVD 5.5
PrimoPDF
Project64 1.6
Python 3.1.2
QuickTime
RawShooter essentials 2006
Real Alternative 1.43
RecordPad Sound Recorder
Rhapsody
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skins
Smart Defrag
SNOCAP MyStore Download Manager
SoftSkies
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Media Manager 2.2
Sothink HTML Editor 2.5
SoulSeek Client 156c
Spybot - Search & Destroy
Spyware Doctor 7.0
StoryHarp version 1.32
SUPERAntiSpyware
SWF Opener
TBS WMP Plug-in
TempoPerfect
The Weather Channel Desktop 6
Timez Attack
Trillian
Tweak UI
TypingMaster Pro
TypingMaster TypingTest
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6d
VideoPad Video Editor
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WavePad Sound Editor
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol 2008
Xilisoft Video Converter 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.9.8
ZENcast Organizer
Zune Language Pack (ES)

==== Event Viewer Messages From Past Week ========

8/31/2010 2:26:20 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
8/31/2010 2:26:20 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Family.
8/31/2010 2:20:12 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
8/28/2010 7:11:54 PM, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the file specified.
8/28/2010 7:11:54 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: The system cannot find the file specified.
8/27/2010 9:34:02 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
8/26/2010 7:33:35 PM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
8/26/2010 7:32:03 PM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
8/26/2010 7:23:26 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
8/26/2010 6:24:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
8/26/2010 1:02:11 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB982926).
8/24/2010 3:54:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
8/24/2010 3:53:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/24/2010 3:53:04 PM, error: Service Control Manager [7024] - The Media Center Extender Service service terminated with service-specific error 2147500037 (0x80004005).
8/24/2010 3:53:04 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
8/24/2010 3:53:04 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
8/24/2010 3:53:04 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
8/24/2010 3:53:04 PM, error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The system cannot find the path specified.
8/24/2010 12:53:32 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
8/24/2010 12:53:27 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
MBRcheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55A-UD3
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 177):
0x03065000 \SystemRoot\system32\ntoskrnl.exe
0x0301C000 \SystemRoot\system32\hal.dll
0x00BBC000 \SystemRoot\system32\kdcom.dll
0x00C81000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CC5000 \SystemRoot\system32\PSHED.dll
0x00CD9000 \SystemRoot\system32\CLFS.SYS
0x00D37000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01058000 \SystemRoot\System32\Drivers\spxx.sys
0x0118C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01195000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011C4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011CE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FB2000 \SystemRoot\system32\DRIVERS\pci.sys
0x011DB000 \SystemRoot\System32\drivers\partmgr.sys
0x00FE5000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x011F0000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E6C000 \SystemRoot\system32\DRIVERS\mv91cons.sys
0x00E76000 \SystemRoot\System32\drivers\mountmgr.sys
0x011F7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E90000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EBA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00EC5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01259000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0146E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014CC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014E6000 \SystemRoot\System32\Drivers\cng.sys
0x01559000 \SystemRoot\System32\drivers\pcw.sys
0x0156A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0166A000 \SystemRoot\system32\drivers\ndis.sys
0x0175C000 \SystemRoot\system32\drivers\NETIO.SYS
0x017BC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0164A000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x01654000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01574000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017E7000 \SystemRoot\System32\Drivers\spldr.sys
0x017EF000 \SystemRoot\SysWOW64\speedfan.sys
0x015C0000 \SystemRoot\System32\drivers\rdyboost.sys
0x01400000 \SystemRoot\System32\Drivers\mup.sys
0x01412000 \SystemRoot\system32\DRIVERS\klbg.sys
0x017F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01420000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
0x01216000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00C4C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CBD000 \SystemRoot\system32\DRIVERS\klif.sys
0x02D1A000 \SystemRoot\System32\Drivers\Null.SYS
0x02D23000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D2A000 \SystemRoot\System32\drivers\vga.sys
0x02D38000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D5D000 \SystemRoot\System32\drivers\watchdog.sys
0x02D6D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D76000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D7F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D88000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D93000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02DA4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DC2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x040AA000 \SystemRoot\system32\DRIVERS\kl1.sys
0x04000000 \SystemRoot\system32\drivers\afd.sys
0x02C00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0408A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x045D3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04093000 \SystemRoot\system32\DRIVERS\klim6.sys
0x02C45000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02C59000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C6F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C7E000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C9B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0485A000 \SystemRoot\system32\drivers\vpcvmm.sys
0x048B1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x048C5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04916000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04922000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0492D000 \SystemRoot\System32\drivers\discache.sys
0x0493C000 \SystemRoot\system32\drivers\csc.sys
0x049BF000 \SystemRoot\System32\Drivers\dfsc.sys
0x049DD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04826000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FE1B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10AAD000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x10AAF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10BA3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10BE9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04A4C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04AA2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04AB3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04AD7000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04B16000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x04B46000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04B48000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04B55000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04B61000 \SystemRoot\system32\DRIVERS\parport.sys
0x04B7E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04B8B000 \SystemRoot\System32\Drivers\ayy8fygu.SYS
0x04BCD000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04BDD000 \SystemRoot\system32\DRIVERS\vncmirror.sys
0x04BE4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02DCF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A30000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04E87000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04EA8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04EC2000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x04ECF000 \SystemRoot\System32\Drivers\pcouffin.sys
0x04EE4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04EEF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04EFE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04F6F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04F71000 \SystemRoot\system32\DRIVERS\ks.sys
0x04FB4000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x04FB8000 \SystemRoot\system32\drivers\WmBEnum.sys
0x04FBD000 \SystemRoot\system32\drivers\WmXlCore.sys
0x04FCF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04FE1000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x04E00000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x04E0F000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x04F0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04E4B000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04E61000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0640A000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x066E9000 \SystemRoot\system32\drivers\portcls.sys
0x06726000 \SystemRoot\system32\drivers\drmk.sys
0x06748000 \SystemRoot\system32\drivers\ksthunk.sys
0x0674E000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x0675E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0676C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06785000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0678E000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x067A1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x067AE000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x067C2000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x067CC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x0236F000 \SystemRoot\System32\drivers\Dxapi.sys
0x0237B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02389000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02397000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x023A3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x023AC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x023BF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x023CD000 \SystemRoot\system32\drivers\luafv.sys
0x0219B000 \SystemRoot\system32\drivers\WudfPf.sys
0x021BC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x01E00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06600000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x01E15000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06653000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x098B0000 \SystemRoot\system32\drivers\HTTP.sys
0x09978000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09996000 \SystemRoot\System32\drivers\mpsdrv.sys
0x099AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0984E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09C72000 \SystemRoot\system32\drivers\peauth.sys
0x09D18000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09D23000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x09D50000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09D62000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A034000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A13D000 \SystemRoot\system32\drivers\WmVirHid.sys
0x0A140000 \SystemRoot\system32\drivers\LGVirHid.sys
0x0A143000 \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
0x77AB0000 \Windows\System32\ntdll.dll
0x475B0000 \Windows\System32\smss.exe
0xFFDD0000 \Windows\System32\apisetschema.dll

Processes (total 69):
0 System Idle Process
4 System
400 C:\Windows\System32\smss.exe
572 csrss.exe
644 C:\Windows\System32\wininit.exe
664 csrss.exe
712 C:\Windows\System32\services.exe
744 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\lsass.exe
788 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\nvvsvc.exe
144 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\nvvsvc.exe
1356 WUDFHost.exe
1436 WUDFHost.exe
1504 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\spoolsv.exe
1684 C:\Windows\System32\svchost.exe
1772 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1876 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1932 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1968 C:\Windows\System32\svchost.exe
2012 C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
1352 C:\Windows\SysWOW64\PnkBstrA.exe
1304 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2068 C:\Windows\System32\svchost.exe
2104 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2144 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2652 C:\Windows\System32\taskhost.exe
2768 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
2904 C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
1244 C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
2584 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
756 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
1656 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
2764 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3148 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3464 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
3524 C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
3540 E:\my download files\G15SpeedFan-1.1.0\G15SpeedFan.exe
3616 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
4008 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
4028 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
4056 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3344 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3368 C:\Program Files (x86)\SpeedFan\speedfan.exe
3968 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
3244 C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
3248 WmiPrvSE.exe
4140 taskhost.exe
4564 C:\Windows\System32\svchost.exe
4888 C:\Windows\System32\SearchIndexer.exe
4612 C:\Windows\System32\svchost.exe
4472 C:\Program Files\Windows Media Player\wmpnetwk.exe
1176 C:\Program Files (x86)\AIM\aim.exe
5044 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5280 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2164 C:\Windows\System32\SearchProtocolHost.exe
5252 C:\Windows\System32\SearchFilterHost.exe
3972 C:\Users\Jonathan Wu\Desktop\MBRCheck.exe
3772 C:\Windows\System32\conhost.exe
3192 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c130200 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03
PhysicalDrive1 Model Number: ST31000340AS, Rev: SD15

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
OTL.txt

OTL logfile created on: 9/2/2010 1:40:08 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jonathan Wu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115.69 Gb Total Space | 29.50 Gb Free Space | 25.50% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 72.72 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 222.15 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIN7_I7
Current User Name: Jonathan Wu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/02 13:38:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Wu\Desktop\OTL.exe
PRC - [2010/08/18 12:24:32 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2010/07/22 19:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 07:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/04/11 18:22:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/07 19:50:00 | 000,235,560 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/12/01 10:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2009/11/25 06:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/11/17 21:01:30 | 000,194,224 | ---- | M] (Binary Fortress Software) -- E:\my download files\G15SpeedFan-1.1.0\G15SpeedFan.exe
PRC - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/09/25 07:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/09/02 13:38:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Wu\Desktop\OTL.exe
MOD - [2009/07/20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 14:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/06/12 11:48:26 | 002,609,016 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2010/08/18 12:24:32 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010/06/24 07:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/04/11 18:22:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/07 19:50:00 | 000,235,560 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/12/11 16:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009/06/30 10:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/06/12 13:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mrv64drv.sys -- (Mrvleap)
DRV:64bit: - File not found [File_System | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/06/07 17:10:33 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/05/31 06:08:36 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/01/15 21:08:12 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/01/15 20:53:53 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/15 20:04:56 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/26 23:37:14 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/10/20 10:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/25 07:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 07:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/22 18:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/11 12:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 12:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 12:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009/09/11 12:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 12:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/17 09:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/24 15:03:22 | 000,092,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2008/06/12 09:46:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2007/10/28 20:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/11 17:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 5000(UVC)
DRV:64bit: - [2007/05/11 17:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 17:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/03 17:04:24 | 000,659,488 | ---- | M] (Atheros Communications, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N5SG.sys -- (N5SG)
 
OTL.txt continued

DRV - [2010/02/27 23:21:22 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007/09/11 03:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
DRV - [2007/02/07 11:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 29 C7 F1 4D 4A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://nissan.promo.eprize.com/nismo/"
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.69.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2010/02/04 20:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/30 18:59:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/30 18:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/08/13 12:01:30 | 000,000,000 | ---D | M]

[2010/01/15 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Extensions
[2010/01/15 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/01/15 20:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/01 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Firefox\Profiles\cu5ng713.default\extensions
[2010/04/04 19:37:31 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Firefox\Profiles\cu5ng713.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/04 22:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Firefox\Profiles\cu5ng713.default\extensions\SkipScreen@SkipScreen
[2010/08/30 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Mozilla\Firefox\Profiles\cu5ng713.default\extensions\support@lastpass.com
[2010/08/30 18:59:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/30 19:20:29 | 000,416,980 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14389 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [EPSON Stylus CX8400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICEA.EXE File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Jonathan Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk = C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 10.61.32.1 1.1.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 14:27:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\Shell\AutoRun\command - "" = H:\HPLauncher.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\StartClickFreeBackup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL.txt continued

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 13:38:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan Wu\Desktop\OTL.exe
[2010/09/01 20:57:35 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/01 20:44:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jonathan Wu\Desktop\HijackThis.exe
[2010/08/31 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/31 15:02:12 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/31 15:02:12 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/30 19:20:19 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Local\Sunbelt Software
[2010/08/30 19:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/30 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/30 18:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/30 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\attachments_2010_08_30
[2010/08/25 19:41:51 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Roaming\saltwater
[2010/08/25 18:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Power Mp3 Cutter(Mp3 Sound Cutter)
[2010/08/25 18:09:05 | 000,352,256 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateEngine.dll
[2010/08/24 02:49:30 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\VBChickBotV8.2
[2010/08/23 23:34:56 | 000,092,160 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[2010/08/22 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/09 04:49:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/07 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\KW V2s Upload
[2010/08/07 13:38:00 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\Pro-Kit
[2010/08/07 13:37:39 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\KW V2s
[2010/08/05 03:43:30 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\Pete's Files
[2010/08/01 11:43:03 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Local\Yahoo!
[2010/08/01 11:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/01 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Roaming\Yahoo!
[2010/08/01 02:03:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/07/30 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Roaming\IBMERS
[2010/07/19 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/06/28 15:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitLord
[2010/06/28 14:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFPortChecker
[2010/06/24 13:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMA! Pro VPN
[2010/06/21 14:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/06/20 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010/06/20 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\AppData\Roaming\TeamViewer
[2010/06/20 23:36:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\temp
[2010/06/18 18:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/06/18 18:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/06/17 21:54:12 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wu\Desktop\Jonathan Mazda 3
[2010/06/16 18:37:10 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll
[2010/06/16 18:37:10 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys
[2010/06/16 18:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2010/06/16 17:47:41 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2010/06/16 17:47:41 | 000,025,312 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2010/06/16 17:47:40 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2010/06/16 17:47:40 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2010/06/07 17:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2010/06/07 17:11:49 | 000,716,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr7364.sys
[2010/06/07 16:57:23 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2010/01/15 20:53:53 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jonathan Wu\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/02 13:46:59 | 006,553,600 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat
[2010/09/02 13:38:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Wu\Desktop\OTL.exe
[2010/09/02 13:02:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4264962670-927182372-1804427768-1001UA.job
[2010/09/02 00:01:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4264962670-927182372-1804427768-1001Core.job
[2010/09/01 22:49:17 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/01 22:49:17 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/01 20:44:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jonathan Wu\Desktop\HijackThis.exe
[2010/09/01 20:30:20 | 003,830,204 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\ComboFix.exe
[2010/09/01 16:48:10 | 000,018,176 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2010/09/01 16:48:10 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2010/09/01 16:48:07 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/09/01 16:47:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/01 16:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/01 16:47:40 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 16:47:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/09/01 15:43:32 | 001,433,641 | -H-- | M] () -- C:\Users\Jonathan Wu\AppData\Local\IconCache.db
[2010/08/31 15:32:56 | 000,001,299 | ---- | M] () -- C:\Users\Jonathan Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk
[2010/08/31 03:48:08 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/30 19:20:29 | 000,416,980 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/30 18:53:34 | 000,002,284 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100830_185331.reg
[2010/08/29 18:49:04 | 000,006,046 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100829_184821.reg
[2010/08/26 18:42:28 | 000,009,973 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Lotto.xlsx
[2010/08/23 23:51:07 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/23 23:51:07 | 000,628,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/23 23:51:07 | 000,107,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/23 14:04:39 | 000,107,203 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Change_of_Schedule_Form.pdf
[2010/08/19 15:24:14 | 000,485,209 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\IMG00040-20100819-1442.jpg
[2010/08/16 17:13:45 | 000,175,872 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\DSCF7717.jpg
[2010/08/16 15:12:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/14 00:55:47 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 00:55:47 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 00:55:47 | 000,065,536 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TM.blf
[2010/08/13 12:14:22 | 000,001,159 | ---- | M] () -- C:\Users\Jonathan Wu\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 12:03:47 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/08/13 12:03:47 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/08/13 11:56:11 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/13 11:56:11 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 11:56:11 | 000,065,536 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TM.blf
[2010/08/09 05:35:02 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/09 05:35:02 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 05:35:02 | 000,065,536 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TM.blf
[2010/08/09 04:42:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/09 04:42:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 04:42:57 | 000,065,536 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TM.blf
[2010/07/29 16:49:38 | 000,078,551 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\COR-6087 (US).pdf
[2010/07/22 14:23:48 | 003,097,319 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Jonathan's Form.jpg
[2010/07/21 18:06:42 | 000,178,176 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\KWContestWinner.doc
[2010/07/17 00:22:21 | 000,001,730 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100717_002217.reg
[2010/07/12 16:58:19 | 000,133,614 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\carshow_2010.pdf
[2010/07/11 21:46:50 | 000,244,167 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Flashlight_full_big.jpg
[2010/07/11 21:43:18 | 000,780,416 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\flashlight_full.jpg
[2010/07/11 21:35:41 | 000,046,001 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\flash_c.jpg
[2010/07/09 15:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/09 15:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/09 15:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/09 13:18:36 | 004,570,608 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Spirit.exe
[2010/07/08 23:52:12 | 000,063,752 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\Capture.JPG
[2010/07/07 22:05:00 | 277,794,671 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\iPod2,1_3.1.2_7D11_Restore.ipsw
[2010/07/07 21:58:05 | 000,608,256 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\blackra1n.exe
[2010/06/28 15:18:39 | 000,001,003 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\BitLord.lnk
[2010/06/28 13:46:18 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/06/28 12:04:42 | 000,001,336 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100628_120439.reg
[2010/06/24 03:22:40 | 000,000,651 | ---- | M] () -- C:\Users\Jonathan Wu\Desktop\utorrent.ini
[2010/06/22 23:30:06 | 000,001,234 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100622_232945.reg
[2010/06/20 18:10:29 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/06/20 18:10:29 | 000,524,288 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/06/20 18:10:29 | 000,065,536 | -HS- | M] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TM.blf
[2010/06/18 18:26:01 | 000,022,924 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100618_182545.reg
[2010/06/18 18:25:34 | 000,000,082 | ---- | M] () -- C:\Users\Jonathan Wu\Documents\cc_20100618_182530.reg
[2010/06/16 23:33:34 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/16 17:50:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2010/06/16 17:47:40 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/06/07 17:49:16 | 000,000,127 | ---- | M] () -- C:\Windows\zraidtray.ini
[2010/06/07 17:41:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\mvcli.ini
[2010/06/07 17:41:05 | 000,050,360 | ---- | M] () -- C:\Windows\php.ini
[2010/06/07 17:10:33 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr7364.sys
[2010/06/07 16:56:03 | 000,305,152 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
OTL.txt continued

========== Files Created - No Company Name ==========

[2010/09/01 20:30:05 | 003,830,204 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\ComboFix.exe
[2010/08/31 15:02:12 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/08/31 03:48:06 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/30 18:53:33 | 000,002,284 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100830_185331.reg
[2010/08/29 18:48:38 | 000,006,046 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100829_184821.reg
[2010/08/26 18:19:20 | 000,009,973 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Lotto.xlsx
[2010/08/23 12:33:56 | 000,107,203 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Change_of_Schedule_Form.pdf
[2010/08/19 15:24:34 | 000,485,209 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\IMG00040-20100819-1442.jpg
[2010/08/16 17:13:44 | 000,175,872 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\DSCF7717.jpg
[2010/08/13 12:14:22 | 000,001,159 | ---- | C] () -- C:\Users\Jonathan Wu\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 12:03:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/13 12:03:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 12:03:18 | 000,065,536 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{b935d5da-a70b-11df-aeda-6cf04902f6e9}.TM.blf
[2010/08/13 11:51:26 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/13 11:51:26 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 11:51:26 | 000,065,536 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{26e002d7-a708-11df-a6d5-6cf04902f6e9}.TM.blf
[2010/08/09 05:23:48 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/09 05:23:48 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 05:23:48 | 000,065,536 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{0b9330cb-a3af-11df-bbca-6cf04902f6e9}.TM.blf
[2010/08/09 04:32:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/09 04:32:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 04:32:21 | 000,065,536 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{5eb5b54b-a3a8-11df-b730-e609a8fa427d}.TM.blf
[2010/07/29 16:49:38 | 000,078,551 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\COR-6087 (US).pdf
[2010/07/22 14:32:17 | 003,097,319 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Jonathan's Form.jpg
[2010/07/21 18:06:36 | 000,178,176 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\KWContestWinner.doc
[2010/07/17 00:22:19 | 000,001,730 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100717_002217.reg
[2010/07/12 16:44:12 | 000,133,614 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\carshow_2010.pdf
[2010/07/11 21:46:48 | 000,244,167 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Flashlight_full_big.jpg
[2010/07/11 21:43:12 | 000,780,416 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\flashlight_full.jpg
[2010/07/11 21:35:39 | 000,046,001 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\flash_c.jpg
[2010/07/09 13:07:12 | 004,570,608 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Spirit.exe
[2010/07/08 23:52:11 | 000,063,752 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\Capture.JPG
[2010/07/07 22:00:05 | 277,794,671 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\iPod2,1_3.1.2_7D11_Restore.ipsw
[2010/07/07 21:58:05 | 000,608,256 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\blackra1n.exe
[2010/06/28 15:18:39 | 000,001,003 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\BitLord.lnk
[2010/06/28 13:46:18 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/06/28 12:04:41 | 000,001,336 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100628_120439.reg
[2010/06/24 13:20:00 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/06/24 03:20:30 | 000,000,651 | ---- | C] () -- C:\Users\Jonathan Wu\Desktop\utorrent.ini
[2010/06/22 23:29:49 | 000,001,234 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100622_232945.reg
[2010/06/20 13:23:45 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TMContainer00000000000000000002.regtrans-ms
[2010/06/20 13:23:45 | 000,524,288 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TMContainer00000000000000000001.regtrans-ms
[2010/06/20 13:23:45 | 000,065,536 | -HS- | C] () -- C:\Users\Jonathan Wu\ntuser.dat{d7262513-7ca7-11df-8be4-6cf04902f6e9}.TM.blf
[2010/06/18 18:25:47 | 000,022,924 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100618_182545.reg
[2010/06/18 18:25:34 | 000,000,082 | ---- | C] () -- C:\Users\Jonathan Wu\Documents\cc_20100618_182530.reg
[2010/06/16 17:50:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2010/06/16 17:47:41 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/16 17:47:40 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/06/07 17:41:37 | 000,018,176 | ---- | C] () -- C:\Windows\za_mv_raid.ev
[2010/06/07 17:41:37 | 000,000,096 | ---- | C] () -- C:\Windows\za_mv_seqnum.ev
[2010/06/07 17:41:34 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2010/06/07 17:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2010/06/07 17:11:49 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2010/06/07 17:11:49 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010/03/31 22:21:03 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/02/12 19:11:56 | 000,000,163 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\PLGComp.ini
[2010/02/03 18:05:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/02/02 22:59:18 | 000,000,600 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Local\PUTTY.RND
[2010/02/02 22:43:51 | 000,000,600 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\winscp.rnd
[2010/01/25 12:55:15 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/16 12:48:18 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\IlmImf.dll
[2010/01/16 12:48:18 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Photomatix_jpg.dll
[2010/01/16 12:48:18 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pmtf2.dll
[2010/01/16 12:48:18 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib.dll
[2010/01/16 12:48:18 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib2.dll
[2010/01/16 12:48:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\pmtf1.dll
[2010/01/16 12:48:18 | 000,204,288 | ---- | C] () -- C:\Windows\SysWow64\pmtf3.dll
[2010/01/16 12:48:18 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib3.dll
[2010/01/16 12:48:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pmexr.dll
[2010/01/16 12:48:18 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmbm.dll
[2010/01/15 20:54:07 | 000,000,034 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\pcouffin.log
[2010/01/15 20:53:53 | 000,099,384 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\inst.exe
[2010/01/15 20:53:53 | 000,007,859 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\pcouffin.cat
[2010/01/15 20:53:53 | 000,001,167 | ---- | C] () -- C:\Users\Jonathan Wu\AppData\Roaming\pcouffin.inf
[2009/09/29 18:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/09/29 02:18:02 | 000,050,360 | ---- | C] () -- C:\Windows\php.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\SysWow64\FTDIUN2K.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\SysWow64\SUSUSB.SYS

========== LOP Check ==========

[2010/01/15 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\acccore
[2010/01/29 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Desktopicon
[2010/02/08 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Folding@home-x86
[2010/07/30 14:51:07 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\IBMERS
[2010/01/15 21:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\IM
[2010/01/15 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Leadertech
[2010/08/13 11:59:32 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\LimeWire
[2010/03/30 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\mkvtoolnix
[2010/08/25 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\saltwater
[2010/04/10 22:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\SystemRequirementsLab
[2010/07/31 23:58:13 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\TeamViewer
[2010/01/15 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\TomTom
[2010/09/02 12:16:37 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\uTorrent
[2010/01/15 20:55:11 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wu\AppData\Roaming\Vso
[2010/08/31 03:48:08 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/04/30 12:17:08 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/01 14:52:43 | 000,046,220 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 18:38:58 | 000,383,562 | ---- | M] () -- C:\bootmgr
[2010/02/03 18:16:17 | 000,000,032 | ---- | M] () -- C:\csb.log
[2010/09/01 16:47:40 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/03 18:13:00 | 000,000,086 | ---- | M] () -- C:\Install.log
[2010/01/15 21:20:32 | 000,000,975 | -H-- | M] () -- C:\IPH.PH
[2010/04/30 00:34:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/09/01 16:47:40 | 4290,240,511 | -HS- | M] () -- C:\pagefile.sys
[2010/02/03 18:10:19 | 000,002,117 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[2009/07/13 18:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Extras.txt

OTL Extras logfile created on: 9/2/2010 1:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jonathan Wu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115.69 Gb Total Space | 29.50 Gb Free Space | 25.50% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 72.72 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 222.15 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIN7_I7
Current User Name: Jonathan Wu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealVNC_is1" = VNC Enterprise Edition E4.4.2
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-1033-F400-7760-0000003D0002}" = Adobe Acrobat 3D
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F5F56D88-56A2-4157-BED4-D650634974E3}" = honestech Video Editor
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 3D" = Adobe Acrobat 3D 7.1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_7" = AIM 7
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Ripper Platinum 4" = DVD Ripper Platinum 4
"HMA! Pro VPN" = HMA! Pro VPN 2.4.1
"iCall_is1" = iCall
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"LimeWire" = LimeWire PRO 5.4.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MKVtoolnix" = MKVtoolnix 3.2.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mv61xxMRU" = Marvell MRU V4
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PFPortChecker" = PFPortChecker 1.0.32
"Photomatix Pro_is1" = Photomatix Pro version 2.5
"Power Mp3 Cutter(Mp3 Sound Cutter)_is1" = Power Mp3 Cutter(Mp3 Sound Cutter) 1.40
"Precision" = EVGA Precision 1.9.1
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"PuTTY_is1" = PuTTY version 0.59
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"stunnel" = stunnel
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Unlocker" = Unlocker 1.8.8
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"winscp3_is1" = WinSCP 4.1.9
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2010 5:14:11 AM | Computer Name = Win7_i7 | Source = Bonjour Service | ID = 100
Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/27/2010 5:14:11 AM | Computer Name = Win7_i7 | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
 
Extras.txt continued

Error - 8/30/2010 5:51:33 PM | Computer Name = Win7_i7 | Source = Application Hang | ID = 1002
Description = The program VBChickBot.exe version 1.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14e0 Start
Time: 01cb488b9bd57695 Termination Time: 10 Application Path: C:\Users\Jonathan Wu\Desktop\VBChickBotV8.2\VBChickBot.exe

Report
Id: beede2e3-b480-11df-8bb7-6cf04902f6e9

Error - 8/30/2010 9:56:32 PM | Computer Name = Win7_i7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/30/2010 9:57:15 PM | Computer Name = Win7_i7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/30/2010 9:59:28 PM | Computer Name = Win7_i7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/30/2010 10:00:09 PM | Computer Name = Win7_i7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/31/2010 4:48:34 PM | Computer Name = Win7_i7 | Source = System Restore | ID = 8193
Description =

Error - 9/1/2010 8:10:13 PM | Computer Name = Win7_i7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/2/2010 7:15:37 AM | Computer Name = Win7_i7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/13/2010 4:23:35 AM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 7/13/2010 4:30:14 AM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 7/13/2010 3:45:30 PM | Computer Name = Win7_i7 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F97DC581-2B55-44E1-A7BA-C8FAC05ECD20}
because another computer on the network has the same name. The server could not
start.

Error - 7/13/2010 3:46:03 PM | Computer Name = Win7_i7 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F97DC581-2B55-44E1-A7BA-C8FAC05ECD20}
because another computer on the network has the same name. The server could not
start.

Error - 7/21/2010 3:39:27 PM | Computer Name = Win7_i7 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:37:33 PM on 7/21/2010 was unexpected.

Error - 7/22/2010 5:33:14 PM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 7/22/2010 5:33:14 PM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 7/22/2010 5:33:15 PM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 7/22/2010 5:33:15 PM | Computer Name = Win7_i7 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 7/26/2010 2:00:14 AM | Computer Name = Win7_i7 | Source = DCOM | ID = 10010
Description =


< End of report >
 
Sure thing :)

Check a couple of things for me....

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?

Restart in Safe Mode with Networking and see if you have the same issue there.

When done, restart in normal mode and.....

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [EPSON Stylus CX8400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICEA.EXE File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\Shell - "" = AutoRun
    O33 - MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\Shell\AutoRun\command - "" = H:\HPLauncher.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartClickFreeBackup.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\StartClickFreeBackup.exe -- File not found
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\StartClickFreeBackup.exe -- File not found
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" =-
    "" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


Any better?
 
Oh I'm sorry, what do you mean same thing with Firefox safe mode? BTW is my system clean, other than the Firefox issue? It might be a compatibility issue with drivers, other programs, or plugins...

BTW Firefox is working fine atm but it will sometimes freeze up. Did the first OTL scan fix anything?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" =- Will that affect the security on kaspersky? Disable monitoring sounds bad, lol
 
I'm sorry what do you mean same thing with firefox safe mode?
I want you to check if FF will still freeze if you run it for a while in FF Safe Mode.

BTW is my system clean
We're still checking....

Will that affect the security on kaspersky?
We're removing the registry key, which was set NOT to monitor Kaspersky.
 
I want you to check if FF will still freeze if you run it for a while in FF Safe Mode.


We're still checking....


We're removing the registry key, which was set NOT to monitor Kaspersky.

FF has been running normally since this morning... Did the first OTL do anything other than just scan and produce logs?
 
OTL is just a scanner. It doesn't fix anything. Unless, you ran my script already.
 
Yeah I ran the script just now and here is the log...

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus CX8400 Series deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Starting removal of ActiveX control {140E4DF8-9E14-4A34-9577-C77561ED7883}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de56e3a-3093-11df-ab03-6cf04902f6e9}\ not found.
File H:\HPLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\StartClickFreeBackup.exe not found.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jonathan Wu
->Temp folder emptied: 59401568 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 32677783 bytes
->FireFox cache emptied: 89740995 bytes
->Google Chrome cache emptied: 95974953 bytes
->Flash cache emptied: 18012 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142388927 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 2051966567 bytes

Total Files Cleaned = 2,358.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jonathan Wu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09022010_151149

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
C:\Users\Jonathan Wu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
OK, we'll finalize cleaning process and we'll go from there....

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Security Check

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.0.32.18
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
 
I'm trying to do the ESET scanner but there is no box for "IMPORTANT! UN-check Remove found threats". Should I just continue?
 