TechSpot

Gradual System Crashing / Text Labels, Icons Blanking Out

Solved
By gescom
Nov 20, 2010
  1. My computer problem began about a week ago; nothing in particular has occurred that I'm aware of in that time. I tend to leave my computer on for long periods, so I first noticed that when I go to turn my monitor on, I'm somehow 'logged out' of Windows and several application crash warnings have popped up (I don't normally use the login process, so this was odd). I click out of these windows to find that the desktop and a couple of Windows Explorer windows that were already open have the text labels blanked out, or blank out when I mouse over them or single-click on an item. The title bars in windows are also blank.

    This happened later on while using the computer where text labels and icons suddenly begin to blank out and there are eventually windfall crashes of running applications. I haven't always had Chrome open when this happens, but if I do, any and all plugins will crash at once, and any new tabs I attempt to open almost immediately crash. Sometimes I'm able to restart or shut down normally if this starts to happen, but if it goes on too long, I have to manually restart the computer. I can't quite pinpoint a trigger for what's going on when this gradual meltdown happens, but I almost think it might be when one of my hard drives is accessed in a certain way (?). I have 14 HDDs not including the system HDD. Anyway, hopefully someone has an inkling as to what's going on here. I don't know if it could be a virus or hardware failure. It has inevitably happened every time I've used the computer over the past week, but not necessarily at regular intervals.

    P.S. GMER crashed during scanning, so I don't have that log.

    My system: WinXP SP3, Intel Q9450, 4GB RAM.

     
  2. gescom

    gescom TS Rookie Topic Starter Posts: 22

    Here's Attach.txt

     
  3. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    Please, do NOT wrap logs in quotes.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    So far, I don't see anything malicious, but we'll check.
    One thing I've noticed is a huge startups list.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. gescom

    gescom TS Rookie Topic Starter Posts: 22

    Below is the log from MBRCheck.exe. I tried running Combofix, both normally and in safe mode, but I get the message saying "Combofix cannot run when AVG is installed." I also tried the method using Rkill, but I get the same message. AVG is not installed on my computer to my knowledge.

    And earlier today, my computer began to crash as usual, and I noticed some of the error messages popping up, for instance, when I try to copy and paste a file, say the system doesn't have enough resources to complete the action. This message is shown whenever I try to do things as it slowly crashes. That is if I'm able to even read the messages popping up since buttons and text are going blank and/or flashing as I try to close them. Anyway...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00fff83d

    Kernel Drivers (total 159):

    Processes (total 97):

    \\.\C: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (FAT32)
    \\.\M: --> \\.\PhysicalDrive10 at offset 0x00000000`00007e00 (NTFS)
    \\.\N: --> \\.\PhysicalDrive9 at offset 0x00000000`00007e00 (NTFS)
    \\.\O: --> \\.\PhysicalDrive8 at offset 0x00000000`00007e00 (NTFS)
    \\.\P: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (NTFS)
    \\.\Q: --> \\.\PhysicalDrive14 at offset 0x00000000`00007e00 (NTFS)
    \\.\R: --> \\.\PhysicalDrive15 at offset 0x00000000`00007e00 (NTFS)
    \\.\S: --> \\.\PhysicalDrive11 at offset 0x00000000`00007e00 (NTFS)
    \\.\T: --> \\.\PhysicalDrive12 at offset 0x00000000`00007e00 (NTFS)
    \\.\U: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\V: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\W: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\X: --> \\.\PhysicalDrive13 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive4 Model Number: ST31000340AS, Rev: AD14
    PhysicalDrive5 Model Number: ST31000340AS, Rev: SD15
    PhysicalDrive3 Model Number: ST3160022A, Rev: 4.06
    PhysicalDrive10 Model Number: CenturyEX35SW4_SB4-D, Rev: 0100
    PhysicalDrive9 Model Number: CenturyEX35SW4_SB4-C, Rev: 0100
    PhysicalDrive8 Model Number: CenturyEX35SW4_SB4-B, Rev: 0100
    PhysicalDrive7 Model Number: CenturyEX35SW4_SB4-A, Rev: 0100
    PhysicalDrive14 Model Number: ST31500341AS, Rev: SD1A
    PhysicalDrive15 Model Number: ST31500341AS, Rev: SD1A
    PhysicalDrive11 Model Number: ST31500341AS, Rev: CC1H
    PhysicalDrive12 Model Number: ST31500341AS, Rev: CC1H
    PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H
    PhysicalDrive1 Model Number: ST31500341AS, Rev: CC1H
    PhysicalDrive2 Model Number: ST31500341AS, Rev: CC1H
    PhysicalDrive13 Model Number: ST31500341AS, Rev: CC1H

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive4 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive5 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive3 Unknown MBR code
    SHA1: 52F361BC44BB87BE63C2F19360F552125A89E7DC
    233 GB \\.\PhysicalDrive10 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
    465 GB \\.\PhysicalDrive9 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
    698 GB \\.\PhysicalDrive8 RE: Legit MBR code detected
    SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
    698 GB \\.\PhysicalDrive7 RE: Legit MBR code detected
    SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
    1397 GB \\.\PhysicalDrive14 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive15 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive11 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive12 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive0 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive1 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive2 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    1397 GB \\.\PhysicalDrive13 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
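
Added example, not part of the thread and not MBRCheck's own code: a Python parser that joins the drive-letter, model and MBR-status sections of the report above, so an entry the tool did not recognise can be read together with its drive letter and model. The line layout is assumed from this one report, the sample lines are copied from it, and the function names are illustrative.

```python
import re

# Lines copied from the MBRCheck report posted above (a subset of the drives).
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)
\\.\L: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (FAT32)
\\.\M: --> \\.\PhysicalDrive10 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> \\.\PhysicalDrive14 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive4 Model Number: ST31000340AS, Rev: AD14
PhysicalDrive3 Model Number: ST3160022A, Rev: 4.06
PhysicalDrive10 Model Number: CenturyEX35SW4_SB4-D, Rev: 0100
PhysicalDrive14 Model Number: ST31500341AS, Rev: SD1A

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive4 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: 52F361BC44BB87BE63C2F19360F552125A89E7DC
233 GB \\.\PhysicalDrive10 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
1397 GB \\.\PhysicalDrive14 Legit MBR code detected
SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
"""

# One pattern per report section; the layout is assumed from this single report.
MAP_RE = re.compile(r"^\\\\\.\\([A-Z]): --> \\\\\.\\PhysicalDrive(\d+) at offset \S+ \((\w+)\)$")
MODEL_RE = re.compile(r"^PhysicalDrive(\d+) Model Number: (.+?), Rev: (.+)$")
STATUS_RE = re.compile(r"^(\d+) GB\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")


def parse_report(text):
    """Return {drive_number: record}, joined across the report's sections."""
    drives = {}

    def record(number):
        return drives.setdefault(int(number), {
            "volumes": [], "model": None,
            "size_gb": None, "status": None, "sha1": None,
        })

    pending = None  # record whose status line was just read and still needs its SHA1
    for raw in text.splitlines():
        line = raw.strip()  # forum posts often indent pasted logs
        m = MAP_RE.match(line)
        if m:
            record(m.group(2))["volumes"].append("%s: %s" % (m.group(1), m.group(3)))
            pending = None
            continue
        m = MODEL_RE.match(line)
        if m:
            record(m.group(1))["model"] = m.group(2)
            pending = None
            continue
        m = STATUS_RE.match(line)
        if m:
            pending = record(m.group(2))
            pending["size_gb"] = int(m.group(1))
            # The "RE:" prefix seen on some entries is kept as part of the status;
            # the thread does not say what it means.
            pending["status"] = m.group(3).strip()
            continue
        m = SHA1_RE.match(line)
        if m and pending is not None:
            pending["sha1"] = m.group(1).upper()
        pending = None  # a hash only belongs to the status line directly above it
    return drives


def needs_review(drives):
    """Drives reported as 'Unknown', or whose status line has no hash (cut-off paste)."""
    return [
        number for number, rec in sorted(drives.items())
        if rec["status"] is not None
        and ("unknown" in rec["status"].lower() or rec["sha1"] is None)
    ]


def describe(drives, number):
    """One line per drive: letter and file system, model, size, then the tool's status."""
    rec = drives[number]
    volumes = ", ".join(rec["volumes"]) or "no drive letter"
    return "PhysicalDrive%d (%s; %s; %s GB): %s" % (
        number, volumes, rec["model"], rec["size_gb"], rec["status"])


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for n in needs_review(parsed):
        print(describe(parsed, n))
```
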
     
  5. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    OK, let's see where AVG is hiding...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. gescom

    gescom TS Rookie Topic Starter Posts: 22

    OTL.txt

    OTL logfile created on: 11/21/2010 1:38:02 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jon\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 273.11 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 855.64 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
    Drive J: | 7.44 Gb Total Space | 0.77 Gb Free Space | 10.38% Space Free | Partition Type: FAT32
    Drive L: | 149.00 Gb Total Space | 148.99 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
    Drive M: | 233.76 Gb Total Space | 233.59 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    Drive N: | 465.75 Gb Total Space | 344.79 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
    Drive O: | 698.64 Gb Total Space | 518.12 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
    Drive P: | 698.64 Gb Total Space | 235.26 Gb Free Space | 33.67% Space Free | Partition Type: NTFS
    Drive Q: | 1397.26 Gb Total Space | 1384.47 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
    Drive R: | 1397.26 Gb Total Space | 1137.53 Gb Free Space | 81.41% Space Free | Partition Type: NTFS
    Drive S: | 1397.26 Gb Total Space | 1007.95 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
    Drive T: | 1397.26 Gb Total Space | 586.57 Gb Free Space | 41.98% Space Free | Partition Type: NTFS
    Drive U: | 1397.26 Gb Total Space | 468.56 Gb Free Space | 33.53% Space Free | Partition Type: NTFS
    Drive V: | 1397.26 Gb Total Space | 58.53 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
    Drive W: | 1397.26 Gb Total Space | 358.14 Gb Free Space | 25.63% Space Free | Partition Type: NTFS
    Drive X: | 1397.26 Gb Total Space | 458.93 Gb Free Space | 32.84% Space Free | Partition Type: NTFS

    Computer Name: JONSDESKTOP | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/21 01:30:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
    PRC - [2010/11/20 22:26:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
    PRC - [2010/10/27 20:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
    PRC - [2010/10/16 03:03:14 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/14 09:10:05 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/23 13:36:04 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2010/09/14 10:18:20 | 004,922,760 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
    PRC - [2010/08/08 23:14:08 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2010/08/08 23:13:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/07/12 10:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
    PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2010/05/05 17:16:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
    PRC - [2010/03/30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/12/16 18:02:16 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2009/03/16 09:33:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/11/06 14:26:08 | 000,089,928 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
    PRC - [2008/11/06 14:26:08 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
    PRC - [2008/11/06 14:26:04 | 008,801,608 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
    PRC - [2008/11/06 14:26:02 | 007,217,480 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
    PRC - [2008/09/10 01:53:58 | 002,187,264 | ---- | M] (CloseToSoftware) -- C:\Program Files\CD Art Display\CAD.exe
    PRC - [2008/08/05 21:58:12 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/07 11:57:16 | 000,385,024 | ---- | M] (Griffin Technology) -- C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
    PRC - [2007/10/10 16:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    PRC - [2007/09/26 18:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    PRC - [2007/09/20 14:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2007/09/20 14:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    PRC - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2005/10/22 23:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/21 01:30:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/08/08 23:15:16 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2010/03/30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2009/12/16 18:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/03/16 09:33:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2008/09/08 18:19:46 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2008/08/05 21:58:12 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/06/10 20:22:56 | 001,072,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2008/06/05 13:44:46 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
    SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
    SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Jon\Desktop\RealTemp_2.70\WinRing0.sys -- (WinRing0_1_1_1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\KeyAgent.sys -- (KeyAgent)
    DRV - [2010/08/02 16:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/07/27 02:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2010/07/27 02:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
    DRV - [2010/07/27 02:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/03/01 22:46:31 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/01 22:46:31 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/03/01 22:46:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/27 15:58:32 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/08/04 15:48:50 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - [2009/02/09 13:18:00 | 006,307,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/12/18 08:02:32 | 001,051,136 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys -- (CAMTHWDM)
    DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/08/06 23:20:37 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2008/07/29 13:35:18 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/17 00:15:04 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/07/03 18:34:14 | 002,020,160 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
    DRV - [2008/06/10 20:22:52 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
    DRV - [2008/06/02 14:19:16 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
    DRV - [2008/06/02 14:19:12 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
    DRV - [2008/04/28 12:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 11:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/02/29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/10/11 19:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/10/09 16:07:52 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_1394.sys -- (pae_1394)
    DRV - [2007/10/09 16:07:52 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_avs.sys -- (pae_avs)
    DRV - [2007/10/08 21:56:23 | 000,017,920 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
    DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
    DRV - [2007/08/15 02:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2007/07/28 15:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
    DRV - [2007/01/25 15:41:30 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
    DRV - [2007/01/15 19:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2006/12/14 02:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
    DRV - [2006/10/18 13:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2006/03/17 03:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2006/02/07 05:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
    DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
    DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
    DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2004/10/15 07:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1display.sys -- (i1display)
    DRV - [2004/08/22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
    DRV - [2004/08/22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
    DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "MSN Encarta - Dictionary"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.7amo
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
    FF - prefs.js..extensions.enabledItems: sabnzbdstatus@dq5studios.com:1.0.15
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: daumtheme@duamcorp.com:0.1
    FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.6.1
    FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
    FF - prefs.js..extensions.enabledItems: cfxec@Triton:2.0.1


    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/27 21:38:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/08 23:15:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 22:34:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 18:28:19 | 000,000,000 | ---D | M]

    [2009/01/23 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
    [2009/01/23 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
    [2010/11/02 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions
    [2010/11/02 18:10:01 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/01/21 21:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
    [2008/04/21 01:49:56 | 000,000,000 | ---D | M] (macfoxII) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{1476ff20-0a3c-11db-9cd8-0800200c9a66}
    [2010/11/02 18:09:53 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/08/12 19:25:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/01/28 22:12:52 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
    [2010/11/02 18:09:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/07/27 23:08:45 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/06/03 01:24:24 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/11/02 18:09:59 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2008/04/21 01:50:02 | 000,000,000 | ---D | M] (miniFox) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{bde351f9-0fcb-2fcf-3b9b-626f1f37d6e5}
    [2010/08/31 23:59:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/11/02 18:10:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/05/18 22:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\cfxe@Triton
    [2010/01/21 21:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\cfxec@Triton
    [2010/05/18 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\cfxHelper@Triton
    [2010/03/11 03:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\chromifox@altmusictv.com
    [2010/05/04 00:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\CompactMenuCE@Merci.chao
    [2009/12/23 23:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\daumtheme@duamcorp.com
    [2008/04/21 01:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\ffe_opaque_clrtabs@game-point.net
    [2010/11/02 18:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\guiconfig@slosd.net
    [2010/03/11 03:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\locationbar2@design-noir.de
    [2009/02/17 10:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\moveplayer@movenetworks.com
    [2010/11/02 18:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\personas@christopher.beard
    [2010/01/22 17:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\rapidfire@schmizz.net
    [2010/01/22 17:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\rein@notiz.jp
    [2010/05/04 00:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\sabnzbdstatus@dq5studios.com
    [2008/04/21 01:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\Saturated@davidnaylor.org
    [2010/08/12 23:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\SkipScreen@SkipScreen
    [2010/11/02 18:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\smarterwiki@wikiatic.com
    [2010/07/12 00:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\tineye@ideeinc.com
    [2010/01/22 17:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/12/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\daumtheme@duamcorp.com\chrome\mozapps\extensions
    [2010/10/26 18:26:28 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\searchplugins\msn-encarta---dictionary.xml
    [2010/11/02 18:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 17:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/02/15 03:37:27 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2010/05/05 17:16:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    [2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2009/03/16 09:22:29 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Cmaudio8788] File not found
    O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
    O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
    O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
    O4 - HKCU..\Run: [Bandwidth Vista 2] C:\Program Files\Bandwidth Vista\Bandwidth Vista 2\bandwidthvista2.exe File not found
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [MCW Startup] C:\Program Files\Monitor Calibration Wizard\MCW.exe ()
    O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
    O4 - HKCU..\Run: [PowerMate] C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe (Griffin Technology)
    O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
    O4 - HKCU..\Run: [Steam] C:\program files\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe (PreSonus Audio Electronics)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to googletalkplugin.exe.lnk = C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
    O4 - Startup: C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Google Talk, Labs Edition.lnk = C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (Google)
    O4 - Startup: C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 10 00 00 00 [binary data]
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/20 10:57:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.CFHD - C:\WINDOWS\System32\CFHD.dll (CineForm Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/21 01:30:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
    [2010/11/16 18:53:36 | 041,896,896 | ---- | C] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Documents and Settings\Jon\Desktop\Evernote_4.0.1.2927.exe
    [2010/11/16 18:15:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/16 18:15:11 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/16 18:15:11 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/16 18:15:11 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/16 18:15:11 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/16 18:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/16 18:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/11/16 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\avira_antivir_personal_en
    [2010/11/16 09:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/16 09:09:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/14 04:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/13 00:05:27 | 000,000,000 | ---D | C] -- C:\SickBeard-win32-alpha-build465.02
    [2010/11/12 23:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/12 22:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2010/11/08 22:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Xmas Song MIDI
    [2010/11/05 20:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
    [2010/11/05 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
    [2010/10/30 11:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
    [2010/10/30 10:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\MPEG Streamclip
    [2008/06/10 22:07:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jon\Application Data\pcouffin.sys
    [2008/04/24 23:05:02 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2008/04/24 23:05:02 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
     
  7. gescom

    gescom TS Rookie Topic Starter Posts: 22

    OTL.txt continued


    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/21 01:35:15 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/21 01:35:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/21 01:30:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
    [2010/11/21 01:15:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1715567821-725345543-1003UA.job
    [2010/11/21 01:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/20 22:29:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1715567821-725345543-1003.job
    [2010/11/20 22:28:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1715567821-725345543-1003.job
    [2010/11/20 22:26:12 | 000,204,080 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/11/20 22:25:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/20 22:25:47 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1715567821-725345543-500.job
    [2010/11/20 22:25:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/20 21:42:36 | 003,912,769 | R--- | M] () -- C:\Documents and Settings\Jon\Desktop\bombofix.exe
    [2010/11/20 17:04:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/20 16:32:52 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\rkill.exe
    [2010/11/20 16:17:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\MBRCheck.exe
    [2010/11/20 10:15:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1715567821-725345543-1003Core.job
    [2010/11/20 01:29:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/19 09:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/16 18:55:25 | 041,896,896 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Documents and Settings\Jon\Desktop\Evernote_4.0.1.2927.exe
    [2010/11/16 18:17:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\HiJackThis.lnk
    [2010/11/16 18:16:25 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\8eg49h95.exe
    [2010/11/16 09:05:16 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
    [2010/11/15 02:13:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1715567821-725345543-500.job
    [2010/11/15 01:53:33 | 001,315,483 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\modecalc.zip
    [2010/11/13 15:24:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/12 23:02:53 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/11/11 21:29:30 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Google Chrome.lnk
    [2010/11/10 20:17:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2010/11/08 22:34:20 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2010/11/08 01:02:52 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/11/08 01:02:34 | 000,461,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/08 01:02:34 | 000,079,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/08 00:58:48 | 000,000,355 | -HS- | M] () -- C:\boot.ini
    [2010/11/07 16:22:15 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\SABnzbd.lnk
    [2010/11/07 13:40:41 | 005,087,696 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\CMS-User-manual-2689.pdf
    [2010/11/05 21:25:48 | 001,852,789 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\jnr68.jpg
    [2010/11/05 20:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/11/05 20:51:32 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
    [2010/11/05 20:45:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/11/05 20:38:04 | 002,428,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/01 08:01:55 | 000,560,373 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\vso_ts_preview.xml
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/20 21:42:48 | 003,912,769 | R--- | C] () -- C:\Documents and Settings\Jon\Desktop\bombofix.exe
    [2010/11/20 17:04:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/20 16:32:51 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\rkill.exe
    [2010/11/20 16:17:14 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\MBRCheck.exe
    [2010/11/16 18:16:23 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\8eg49h95.exe
    [2010/11/16 18:14:42 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\HiJackThis.lnk
    [2010/11/16 09:05:16 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
    [2010/11/15 01:53:22 | 001,315,483 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\modecalc.zip
    [2010/11/13 15:24:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/12 23:02:53 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/11/10 20:21:55 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1715567821-725345543-1003.job
    [2010/11/08 22:34:20 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2010/11/08 01:02:51 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/11/07 13:40:28 | 005,087,696 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\CMS-User-manual-2689.pdf
    [2010/11/06 08:59:15 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/05 21:25:48 | 001,852,789 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\jnr68.jpg
    [2010/11/05 20:51:32 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
    [2010/07/27 02:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2010/07/27 02:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2010/05/28 17:08:55 | 000,000,180 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/05/24 18:51:35 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wltxcmsn.sys
    [2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2010/03/28 02:20:16 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2010/03/27 21:46:32 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\mulch200.ini
    [2010/02/18 22:19:59 | 001,051,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
    [2009/10/29 14:20:49 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\setup_ldm.iss
    [2009/06/16 20:59:59 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/05/18 21:35:19 | 000,000,014 | R--- | C] () -- C:\WINDOWS\msshellspool.ini
    [2009/05/18 21:29:37 | 000,000,087 | ---- | C] () -- C:\WINDOWS\mirage.ini
    [2009/02/17 23:06:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/02/02 09:09:45 | 000,000,326 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
    [2009/01/19 14:07:07 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\cmasiop.ini
    [2008/12/10 14:05:21 | 007,942,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2008/12/01 18:30:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/06 10:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/10/07 13:33:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/10/07 13:33:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/10/07 13:33:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/10/07 13:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/08/28 15:10:15 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
    [2008/08/20 00:30:33 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
    [2008/08/06 15:09:27 | 000,560,373 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\vso_ts_preview.xml
    [2008/07/28 17:51:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRVP.dll
    [2008/07/28 17:51:13 | 000,000,729 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfl
    [2008/07/28 17:50:47 | 000,003,596 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
    [2008/07/28 17:50:45 | 000,002,001 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini
    [2008/07/23 22:35:48 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/07/23 21:33:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/07/23 01:24:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/07/23 01:24:46 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/07/18 17:18:51 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2008/07/09 18:15:16 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2008/07/08 18:41:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/07/07 22:23:12 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/10 22:07:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\inst.exe
    [2008/06/10 22:07:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\pcouffin.cat
    [2008/06/10 22:07:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\pcouffin.inf
    [2008/06/10 22:07:01 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\pcouffin.log
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/05/14 05:51:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/04/29 02:06:47 | 006,533,120 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
    [2008/04/29 02:06:47 | 002,568,192 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageMeter.dll
    [2008/04/28 02:13:25 | 000,038,465 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\Comma Separated Values (Windows).ADR
    [2008/04/28 02:08:18 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/04/24 22:54:48 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Kernelh2.dll
    [2008/04/24 22:52:37 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Kernelo2.dll
    [2008/04/24 22:26:40 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2008/04/21 12:37:24 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/04/21 01:05:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/04/21 00:43:44 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/04/20 12:11:02 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2008/04/20 12:11:02 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2008/04/20 11:50:15 | 000,040,446 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2008/04/20 11:47:17 | 000,040,408 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/04/20 11:47:15 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/04/20 11:47:06 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/04/19 20:17:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/10/03 09:53:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
    [2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
    [2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
    [2004/08/22 16:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
    [2002/04/13 11:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
    [1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2009/03/06 17:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2008/07/17 05:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2008/04/28 05:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
    [2009/07/27 19:00:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2008/08/07 20:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
    [2010/03/28 02:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/09/02 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2008/12/17 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
    [2008/05/07 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
    [2009/02/25 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZ3D Driver
    [2009/01/25 18:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2009/01/30 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
    [2010/03/28 02:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2010/03/27 22:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2008/07/29 04:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2008/07/29 04:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    [2009/01/07 00:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
    [2009/01/06 21:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/03/16 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
    [2010/03/28 02:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2008/07/29 04:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2009/01/29 23:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/05/24 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/08/06 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/02/18 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
    [2009/03/13 11:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/03/31 20:25:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
    [2010/03/29 22:09:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3510BFC0-AC05-49F2-8E73-7DA6EA777DE2}
    [2009/11/02 01:35:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
    [2010/03/31 20:20:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
    [2010/04/02 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/03/31 22:49:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
    [2009/09/09 22:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/09 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/31 20:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
    [2010/03/31 20:34:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
    [2010/03/31 20:23:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    [2010/03/31 20:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    [2010/04/03 13:04:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8}
    [2010/03/31 22:49:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F322C569-6416-428D-A2EA-A5D1C7073DE8}
    [2008/08/08 05:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\.SwarmPlayer
    [2008/08/08 05:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\.Tribler
    [2009/08/17 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Amazon
    [2008/04/28 05:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Audio Ease
    [2010/02/14 22:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Auslogics
    [2009/05/02 01:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\avidemux
    [2010/05/05 17:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Bump Technologies, Inc
    [2009/09/14 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Canon
    [2008/08/20 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\cmw
    [2009/01/06 22:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\dBpoweramp
    [2008/07/10 03:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\DVD Profiler
    [2010/02/15 03:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\E-centives
    [2009/01/27 15:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ESET
    [2010/03/01 02:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Facebook
    [2010/11/16 09:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\FileZilla
    [2010/02/23 01:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GetRightToGo
    [2010/09/01 23:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GrabIt
    [2008/08/20 01:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GretagMacbeth
    [2008/09/15 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GriffinTechnology
    [2009/12/17 22:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\HandBrake
    [2010/02/25 01:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\I2P
    [2008/05/07 23:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ID3-TagIT 3
    [2009/01/16 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\iPhoneRingToneMaker
    [2009/02/25 04:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\iZ3D Driver
    [2009/04/16 18:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\iZotope
    [2008/12/03 15:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Leadertech
    [2008/08/06 22:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\LEAPS
    [2008/08/29 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\LimeWire
    [2009/05/18 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\mirage
    [2009/05/14 00:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Moyea
    [2010/10/30 10:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\MPEG Streamclip
    [2008/04/24 22:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\NetMedia Providers
    [2010/07/29 21:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Notepad++
    [2008/08/07 00:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Pegasys Inc
    [2009/01/23 04:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Prism
    [2010/02/08 03:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Publish Providers
    [2010/06/08 22:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Scooter Software
    [2009/01/06 22:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Sony
    [2008/05/14 17:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Sony Setup
    [2008/04/28 06:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Steinberg
    [2010/03/27 23:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\SystemRequirementsLab
    [2009/11/30 23:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\TeraCopy
    [2008/12/03 02:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\TMP
    [2010/02/24 23:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\TVRename
    [2010/11/20 21:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\uTorrent
    [2010/03/28 00:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\VideoReDoPlus
    [2010/09/27 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\VirtualStore
    [2010/11/01 08:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Vso
    [2010/03/29 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Waves
    [2008/04/28 05:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Waves Audio
    [2010/03/29 22:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Waves Preferences
    [2009/01/23 04:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\WebApps
    [2010/02/18 22:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Webcammax

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/08/18 23:04:20 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/08/06 12:06:00 | 000,000,414 | ---- | M] () -- C:\AeDebug (Dr. Watson).reg
    [2008/04/20 10:57:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/08 00:58:48 | 000,000,355 | -HS- | M] () -- C:\boot.ini
    [2009/04/21 23:28:23 | 000,383,200 | RHS- | M] () -- C:\bootmgr
    [2008/08/06 12:22:24 | 000,214,736 | ---- | M] () -- C:\cc_20080806_132147.reg
    [2008/08/06 12:23:16 | 000,001,804 | ---- | M] () -- C:\cc_20080806_132301.reg
    [2008/08/06 12:23:29 | 000,000,194 | ---- | M] () -- C:\cc_20080806_132327.reg
    [2008/12/17 08:56:31 | 000,691,724 | ---- | M] () -- C:\cc_20081217_085609.reg
    [2010/02/10 19:56:39 | 000,077,156 | ---- | M] () -- C:\cc_20100210_195627.reg
    [2008/04/20 10:57:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/11/02 16:00:00 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2008/04/20 10:57:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/08/15 06:13:33 | 000,016,799 | ---- | M] () -- C:\iphonecover.jpg
    [2008/08/15 05:56:08 | 000,064,577 | ---- | M] () -- C:\iPodCover.jpg
    [2010/05/18 22:26:09 | 000,011,045 | ---- | M] () -- C:\JavaRa.log
    [2009/05/29 21:20:26 | 000,090,112 | ---- | M] () -- C:\Mini052909-03.dmp
    [2008/04/20 10:57:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/12/10 14:00:04 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2008/08/26 14:10:04 | 000,297,072 | RHS- | M] () -- C:\ntldr
    [2010/11/20 22:25:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [1998/01/22 17:12:22 | 000,029,824 | R--- | M] () -- C:\Readme.wri
    [2010/11/20 21:44:06 | 000,000,593 | ---- | M] () -- C:\rkill.log
    [2006/03/13 21:07:40 | 000,000,620 | ---- | M] () -- C:\SETUP.VBS
    [2009/05/02 00:40:22 | 000,017,827 | ---- | M] () -- C:\video.pass
    [2009/05/01 22:21:42 | 000,127,776 | ---- | M] () -- C:\video.stats
    [2008/08/27 02:32:33 | 000,000,747 | ---- | M] () -- C:\VST Plugins Installed.txt
    [2006/03/13 23:26:23 | 000,000,043 | ---- | M] () -- C:\WAP.BAT
    [2009/05/01 22:19:50 | 000,000,078 | ---- | M] () -- C:\xvid.pass

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/20 10:57:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/09/13 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/09/13 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/08/24 21:33:16 | 000,069,632 | ---- | M] (CD Art Display) -- C:\WINDOWS\cadSSaver.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2008/04/08 11:34:02 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\The NeoSmart Files.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/19 20:12:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/19 20:12:45 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/19 20:12:45 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/12/10 14:08:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/04/20 11:27:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/20 11:27:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/16 18:16:25 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\8eg49h95.exe
    [2010/11/20 21:42:36 | 003,912,769 | R--- | M] () -- C:\Documents and Settings\Jon\Desktop\bombofix.exe
    [2010/11/16 18:55:25 | 041,896,896 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Documents and Settings\Jon\Desktop\Evernote_4.0.1.2927.exe
    [2010/02/01 23:59:35 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Documents and Settings\Jon\Desktop\iRinger.exe
    [2009/07/30 17:26:07 | 000,081,920 | ---- | M] (Kunaki) -- C:\Documents and Settings\Jon\Desktop\Kunaki_CD-DVD_Publishing_Service.exe
    [2010/11/20 16:17:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\MBRCheck.exe
    [2010/11/21 01:30:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
    [2010/06/07 15:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jon\Desktop\procexp.exe
    [2010/11/20 16:32:52 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\rkill.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/07/01 08:17:02 | 004,202,005 | ---- | M] () -- C:\Documents and Settings\Jon\My Documents\FileZilla_3.3.3_win32-setup.exe

    < %USERPROFILE%\*.exe >
    [2008/12/03 02:09:52 | 007,075,736 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jon\iata86enu.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/04/20 11:27:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jon\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/03/06 04:04:01 | 000,000,822 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    MyDefragScreenSaver v4.2.8.exe

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    File Renamer - Basic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/07/17 04:05:31 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jon\Cookies\desktop.ini
    [2010/11/21 01:00:10 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Jon\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2006/06/23 00:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 18:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoRebootWithLoggedOnUsers" = 1
    "RebootRelaunchTimeoutEnabled" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054B9966

    < End of report >
     
  8. gescom

    gescom TS Rookie Topic Starter Posts: 22

    Extras.txt

    OTL Extras logfile created on: 11/21/2010 1:38:02 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jon\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 273.11 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 855.64 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
    Drive J: | 7.44 Gb Total Space | 0.77 Gb Free Space | 10.38% Space Free | Partition Type: FAT32
    Drive L: | 149.00 Gb Total Space | 148.99 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
    Drive M: | 233.76 Gb Total Space | 233.59 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    Drive N: | 465.75 Gb Total Space | 344.79 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
    Drive O: | 698.64 Gb Total Space | 518.12 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
    Drive P: | 698.64 Gb Total Space | 235.26 Gb Free Space | 33.67% Space Free | Partition Type: NTFS
    Drive Q: | 1397.26 Gb Total Space | 1384.47 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
    Drive R: | 1397.26 Gb Total Space | 1137.53 Gb Free Space | 81.41% Space Free | Partition Type: NTFS
    Drive S: | 1397.26 Gb Total Space | 1007.95 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
    Drive T: | 1397.26 Gb Total Space | 586.57 Gb Free Space | 41.98% Space Free | Partition Type: NTFS
    Drive U: | 1397.26 Gb Total Space | 468.56 Gb Free Space | 33.53% Space Free | Partition Type: NTFS
    Drive V: | 1397.26 Gb Total Space | 58.53 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
    Drive W: | 1397.26 Gb Total Space | 358.14 Gb Free Space | 25.63% Space Free | Partition Type: NTFS
    Drive X: | 1397.26 Gb Total Space | 458.93 Gb Free Space | 32.84% Space Free | Partition Type: NTFS

    Computer Name: JONSDESKTOP | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [ID3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
    "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
    "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
    "C:\Program Files\Codemasters\GRID\GRID.exe" = C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters)
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro -- File not found
    "C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
    "C:\Program Files\Steam\steamapps\common\i-fluid\I-Fluid.exe" = C:\Program Files\Steam\steamapps\common\i-fluid\I-Fluid.exe:*:Enabled:I-Fluid -- ()
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe" = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech -- (Logitech, Inc.)
    "C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
    "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe" = C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe:*:Enabled:Google Talk, Labs Edition -- (Google)
    "C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
    "C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "C:\SickBeard-win32-alpha-build458\SickBeard.exe" = C:\SickBeard-win32-alpha-build458\SickBeard.exe:*:Enabled:SickBeard -- File not found
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\SickBeard-win32-alpha-build465.02\SickBeard.exe" = C:\SickBeard-win32-alpha-build465.02\SickBeard.exe:*:Enabled:SickBeard -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A425-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Retail Edition 2010
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F8D186D-8C5C-4589-BC28-1A8964CA74A6}" = Spectro
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
    "{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3A30DFDF-238C-4DE4-B8D8-D764AF468AA5}" = KORG USB-MIDI Driver Tools for Windows
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
    "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
    "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49DB3527-121C-4E11-83FA-1016BECFA2DA}_is1" = "Film" template for ConvertXToDVD 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
    "{4C8169AB-B6C1-413B-81B6-73B77127D82F}" = Microsoft File Transfer Manager
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95
    "{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6600970A-BAE7-412A-BFFC-91AD793B3A41}" = ASUS WiFi-AP @n
    "{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7546C4F7-5E12-4E46-BF59-323924C2456B}_is1" = "Champetre" template for ConvertXToDVD 3
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
    "{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{876D2C17-263E-43FD-A7E2-34428E82F239}" = Google Talk, Labs Edition
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
    "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E0E1270-9638-4DD9-B5C7-9F0887C2135F}" = Sony CD Architect 5.2
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0d
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
    "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
    "{C81B363C-3918-4D53-8B90-EBABA515928E}" = ASUS WiFi-AP @n
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
    "{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D799CA10-F7D5-46FF-97D7-06195C9EDA70}" = BBE Sonic Maximizer 2.0 Full
    "{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{D8C6F2D1-96C2-4C4A-83A0-4492E7A48491}" = Audiochecker
    "{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
    "{DB941B05-96AB-4AC9-B4CE-B428B9E049F3}" = Sony Preset Manager 2.0
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
    "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.5 Professional
    "Adobe Acrobat 8 Professional_825" = Adobe Acrobat 8.2.5 - CPSID_83708
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Air Video Server" = Air Video Server 2.4.2
    "Album List" = Album List for Winamp v2.05 (remove only)
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "Antares AVOX Bundle VST RTAS_is1" = Antares AVOX Bundle VST RTAS v1.1.3
    "Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
    "Antares Microphone Modeler 1.31 DirectX" = Antares Microphone Modeler 1.31 DirectX
    "ASIO4ALL" = ASIO4ALL
    "Atmosphere_is1" = Atmosphere
    "AudioEase Altiverb 5.4.6" = AudioEase Altiverb 5.4.6
    "AudioMulch Interactive Music Studio_is1" = AudioMulch Interactive Music Studio 2.0.2
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BeyondCompare3_is1" = Beyond Compare Version 3.1.3
    "BFD" = BFD
    "Canon RAW Codec" = Canon RAW Codec
    "CCleaner" = CCleaner
    "CD - DVD Publishing Service" = CD - DVD Publishing Service
    "CD Art Display_is1" = CD Art Display 2.0
    "cfhd" = CineForm HD CODEC
    "C-Media Oxygen HD Sound" = HT OMEGA CLARO
    "Collab" = Collab
    "Cuttermusic Revitar v2.0" = Cuttermusic Revitar v2.0
    "db audioware Sidechain Compressor VST v1.1.0" = db audioware Sidechain Compressor VST v1.1.0
    "dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
    "dBpoweramp DirectShow Decoder" = dBpoweramp DirectShow Decoder
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
    "dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
    "dBpowerAMP Windows Media Audio 9 Codec" = dBpowerAMP Windows Media Audio 9 Codec
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
    "Drumagog 44.09" = Drumagog 4
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.5
    "East West Colossus" = East West Colossus
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EVEREST Ultimate + Corporate Edition_is1" = EVEREST Ultimate v4.20.1257 + Corporate Edition Beta Registered
    "Exact Audio Copy" = Exact Audio Copy 0.99pb5
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "File Renamer - Basic" = File Renamer - Basic
    "FileZilla Client" = FileZilla Client 3.3.4.1
    "FL Studio 8" = FL Studio 8
    "Free Video Dub_is1" = Free Video Dub version 1.4
    "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
    "HandBrake" = Handbrake 0.9.4
    "Har-Bal v2.0" = Har-Bal v2.0
    "ID3-TagIT 3_is1" = ID3-TagIT 3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IL Download Manager" = IL Download Manager
    "InFlac" = InFlac 1.1.1
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InvelosDVDProfiler_is1" = DVD Profiler Version 3.1.1
    "iZotope Ozone 3.07" = iZotope Ozone 3.07
    "iZotope Ozone 4_is1" = iZotope Ozone 4
    "iZotope Spectron v1.0.6" = iZotope Spectron v1.0.6
    "iZotope Trash 1.06" = iZotope Trash 1.06
    "iZotope Vinyl 1.6_is1" = iZotope Vinyl 1.6
    "LastFM_is1" = Last.fm 1.5.4.27091
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
    "Logitech Vid" = Logitech Vid HD
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "mIRC" = mIRC
    "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
    "Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "M-Tron" = M-Tron
    "MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
    "MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
    "N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
    "Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
    "Native Instruments Absynth 5" = Native Instruments Absynth 5
    "Native Instruments B4 v1.1.5" = Native Instruments B4 v1.1.5
    "Native Instruments Battery 3" = Native Instruments Battery 3
    "Native Instruments ElektrikPiano" = Native Instruments ElektrikPiano (remove only)
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
    "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
    "Native Instruments Guitar Rig v1.2" = Native Instruments Guitar Rig v1.2
    "Native Instruments Komplete 6" = Native Instruments Komplete 6
    "Native Instruments Kontakt 4" = Native Instruments Kontakt 4
    "Native Instruments Kontakt v1.5.3 Incl Keygen" = Native Instruments Kontakt v1.5.3 Incl Keygen
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Reaktor 5" = Native Instruments Reaktor 5
    "Native Instruments Reaktor v4.1.3.005" = Native Instruments Reaktor v4.1.3.005
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Spektral Delay v1.57" = Native Instruments Spektral Delay v1.57
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "PoiZone" = PoiZone
    "PreSonus 1394 Audio Driver v2.46 (FirePod) Setup" = PreSonus 1394 Audio Driver v2.46 (FirePod)
    "PSP 84 v1.0" = PSP 84 v1.0
    "PSP VintageWarmer1.6.5" = PSP VintageWarmer 1.6.5
    "QuickPar" = QuickPar 0.9
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "RivaTuner" = RivaTuner v2.09
    "SABnzbd" = SABnzbd (remove only)
    "Sauerbraten" = Sauerbraten
    "SFTENCDD" = Sonic Foundry Soft Encode 1.0 - Dolby Digital 5.1
    "ShellExView" = ShellExView
    "Soulseek2" = SoulSeek 157 NS 13
    "Spyware Doctor" = Spyware Doctor 6.0
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 1250" = Killing Floor
    "Steam App 22000" = World of Goo
    "Steam App 22220" = Zeno Clash Demo
    "Steam App 23200" = I-Fluid
    "Steam App 310" = Team Fortress 2 Dedicated Server
    "Steam App 440" = Team Fortress 2
    "Steam App 500" = Left 4 Dead
    "Steam App 510" = Left 4 Dead Dedicated Server
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "Steinberg Magneto VST v1.5" = Steinberg Magneto VST v1.5
    "Steinberg The Grand 2" = Steinberg The Grand 2
    "Steinberg The Grand 2 v2.0.0.1152" = Steinberg The Grand 2 v2.0.0.1152
    "Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
    "SyncBack_is1" = SyncBack
    "SyncroSoft Emu" = SyncroSoft Emu (Remove only)
    "Syncrosoft's License Control" = Syncrosoft's License Control
    "Tag&Rename_is1" = Tag&Rename 3.5
    "TeraCopy_is1" = TeraCopy 2.07 beta
    "The Grand" = Steinberg The Grand
    "The KMPlayer" = The KMPlayer (remove only)
    "Toxic Biohazard" = Toxic Biohazard
    "Trilogy_is1" = Trilogy
    "TVRename" = TV Rename
    "Tweak UI 2.10" = Tweak UI
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VASST Ultimate S3" = VASST Ultimate S3 3.0.3
    "VLC media player" = VLC media player 1.0.1
    "Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebcamMax" = WebcamMax
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR" = WinRAR
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XYplorer" = XYplorer 7.10

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "FileBot" = FileBot
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent
    "Winamp Detect" = Winamp Detector Plug-in
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O4 - HKLM..\Run: [] File not found
      O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [2010/11/08 01:02:51 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
      @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054B9966
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Grisoft\AVG7\avginet.exe" =-
      "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" =-
      "C:\Program Files\Grisoft\AVG7\avgcc.exe" =-
      
      :Files
      C:\Program Files\AVG
      C:\Program Files\Grisoft
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Now, try to run Combofix again.
     
  10. gescom

    gescom TS Rookie Topic Starter Posts: 22

    Ran the OTL fix, then I was able to run Combofix.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ not found.
    C:\WINDOWS\003309_.tmp deleted successfully.
    C:\WINDOWS\DXT5F68.tmp deleted successfully.
    C:\WINDOWS\DXT5F69.tmp deleted successfully.
    C:\WINDOWS\DXT5F6A.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xmlC4B.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xmlC4D.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xmlC4E.tmp deleted successfully.
    File C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:054B9966 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    ========== FILES ==========
    C:\Program Files\AVG\AVG8\Firefox\Components folder moved successfully.
    C:\Program Files\AVG\AVG8\Firefox\Chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Firefox folder moved successfully.
    C:\Program Files\AVG\AVG8 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    C:\Program Files\Grisoft\AVG7 folder moved successfully.
    C:\Program Files\Grisoft folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 391903 bytes
    ->Temporary Internet Files folder emptied: 42461159 bytes
    ->FireFox cache emptied: 3438345 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Jon
    ->Temp folder emptied: 1951032379 bytes
    ->Temporary Internet Files folder emptied: 21852954 bytes
    ->Java cache emptied: 128108 bytes
    ->FireFox cache emptied: 70097688 bytes
    ->Google Chrome cache emptied: 211754276 bytes
    ->Flash cache emptied: 3787437 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22749781 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13470044 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 41419469750 bytes

    Total Files Cleaned = 41,734.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Jon
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11242010_100449

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. gescom

    gescom TS Rookie Topic Starter Posts: 22

    ComboFix 10-11-23.05 - Jon 11/24/2010 10:29:42.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2464 [GMT -6:00]
    Running from: c:\documents and settings\Jon\Desktop\Combofix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jon\Application Data\inst.exe
    c:\program files\File Renamer\RICHtx32.ocx
    c:\windows\daemon.dll
    c:\windows\system32\PCLECoInst.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
    .

    2010-11-13 06:05 . 2010-11-24 09:02 -------- d-----w- C:\SickBeard-win32-alpha-build465.02
    2010-11-13 05:01 . 2010-11-13 05:01 -------- d-----w- c:\program files\iPod
    2010-11-13 04:57 . 2010-11-13 04:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2010-11-06 02:57 . 2010-11-06 02:57 53248 ----a-r- c:\documents and settings\Jon\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-11-06 02:54 . 2010-11-24 16:40 -------- d-----w- c:\windows\system32\logishrd
    2010-11-06 02:53 . 2010-11-06 02:53 -------- d-----w- c:\program files\Common Files\LWS
    2010-10-30 17:15 . 2010-10-30 17:17 -------- d-----w- c:\program files\Free Video Joiner
    2010-10-30 16:26 . 2010-10-30 16:26 -------- d-----w- c:\documents and settings\Jon\Application Data\MPEG Streamclip
    2010-10-29 00:28 . 2010-09-23 19:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-28 21:44 . 2009-03-13 17:01 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-28 21:44 . 2008-04-21 07:30 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-18 17:23 . 2004-08-04 00:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 00:56 974848 ------w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 20:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 20:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 00:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:58 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-04 00:56 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-03 23:17 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 00:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
    "PowerMate"="c:\program files\Griffin Technology\PowerMate\PowerMate.exe" [2007-12-07 385024]
    "Steam"="c:\program files\steam\steam.exe" [2010-11-24 1242448]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
    "MCW Startup"="c:\program files\Monitor Calibration Wizard\MCW.exe" [2002-12-20 321024]
    "Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
    "AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-14 4922760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
    "nwiz"="nwiz.exe" [2009-02-09 1657376]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-09 202256]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

    c:\documents and settings\Jon\Start Menu\Programs\Startup\
    Google Talk, Labs Edition.lnk - c:\documents and settings\Jon\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-6-24 94704]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2008-7-16 1126400]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-14 805392]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]
    Shortcut to googletalkplugin.exe.lnk - c:\documents and settings\Jon\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [2010-9-21 83440]
    Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-29 20:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP @n Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP @n Utility.lnk
    backup=c:\windows\pss\ASUS WiFi-AP @n Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^iPhoneRingToneMaker.lnk]
    path=c:\documents and settings\Jon\Start Menu\Programs\Startup\iPhoneRingToneMaker.lnk
    backup=c:\windows\pss\iPhoneRingToneMaker.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ekrn"=2 (0x2)
    "EhttpSrv"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Documents and Settings\\Jon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Jon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\i-fluid\\I-Fluid.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
    "c:\\Documents and Settings\\Jon\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\SickBeard-win32-alpha-build465.02\\SickBeard.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4/24/2008 11:05 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4/24/2008 11:05 PM 5248]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 1:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 66632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/16/2010 6:15 PM 135336]
    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2/18/2010 10:19 PM 1051136]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 10:16 AM 1107336]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [8/20/2008 12:30 AM 14416]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/28/2008 5:51 AM 33792]
    R3 cmudaxp;HTO CLARO Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [7/28/2008 5:50 PM 2020160]
    R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [4/22/2008 2:29 AM 17920]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/9/2008 6:15 PM 33792]
    S2 gupdate1c97ff19596ef34;Google Update Service (gupdate1c97ff19596ef34);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2009 2:06 PM 133104]
    S2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys --> c:\windows\system32\drivers\KeyAgent.sys [?]
    S2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys --> c:\windows\system32\drivers\MacHALDriver.sys [?]
    S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [8/20/2008 12:30 AM 44344]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [8/21/2009 2:24 AM 6144]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [12/10/2008 2:05 PM 98488]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 12872]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/18/2008 8:23 PM 356920]
    S3 WinRing0_1_1_1;WinRing0_1_1_1;\??\c:\documents and settings\Jon\Desktop\RealTemp_2.70\WinRing0.sys --> c:\documents and settings\Jon\Desktop\RealTemp_2.70\WinRing0.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:34]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-26 20:06]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-26 20:06]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1715567821-725345543-1003Core.job
    - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 02:17]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1715567821-725345543-1003UA.job
    - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 02:17]

    2010-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1715567821-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2010-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1715567821-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2010-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1715567821-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2010-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1715567821-725345543-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\
    FF - prefs.js: browser.search.selectedEngine - MSN Encarta - Dictionary
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\Jon\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\sgnfpp4t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\documents and settings\Jon\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Jon\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    HKCU-Run-Bandwidth Vista 2 - c:\program files\Bandwidth Vista\Bandwidth Vista 2\bandwidthvista2.exe
    HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
    HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
    MSConfigStartUp-CPU Power Monitor - c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
    MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
    MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    AddRemove-ffdshow_is1 - c:\program files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe
    AddRemove-PreSonus 1394 Audio Driver v2.46 (FirePod) Setup - c:\program files\PreSonus\1394AudioDriver_FirePod\uninst.exe Software\PreSonus\1394AudioDriver_FirePod\Setup



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-24 10:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (3) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"="Student Edition"
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "ProductBase"=dword:00000001
    "ProductCode"="{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="3.0.684.0"
    "UniqueId"="001685CE497F7C11"
    "ScannerBuild"=dword:00000ed0
    "ScannerVersionId"=dword:00000de1
    "ScannerVersion"=""
    "FixId"=dword:00000007
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1232)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(1104)
    c:\windows\system32\WININET.dll
    c:\windows\system32\logishrd\LVPrcInj01.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\java.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\RunDll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\TechSmith\Snagit 9\TSCHelp.exe
    c:\program files\TechSmith\Snagit 9\SnagPriv.exe
    c:\program files\TechSmith\Snagit 9\snagiteditor.exe
    c:\program files\TechSmith\Snagit 9\TSCHelp.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-24 10:49:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-24 16:49

    Pre-Run: 295,513,767,936 bytes free
    Post-Run: 346,964,676,608 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

    - - End Of File - - 91A46567CAF4C5D160D8640A650A9F27
     
     
  12. gescom

    gescom TS Rookie Topic Starter Posts: 22

    I noticed upon startup that I got a 'not found' error regarding the PCLECoInst.dll file that apparently Combofix deleted(?).
     
  13. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    It looks like Combofix made a mistake. That file is a part of Pinnacle Studio.
    Let's reinstate it...

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\windows\system32\PCLECoInst.dll.vir
    
    QUIT::
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    =====================================================================

    How is the computer doing?

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    Are you still out there?
     
  15. gescom

    gescom TS Rookie Topic Starter Posts: 22

    Sorry for the delayed response! I've been preoccupied with holiday plans. I ran the scans you said. Security Check's log is below. TFC went fine and ESET came back clean.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Sony Preset Manager 2.0
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner
    DH Driver Cleaner Professional Edition
    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.2.5
    Chinese Simplified Fonts Support For Adobe Reader 8
    Japanese Fonts Support For Adobe Reader 8
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  16. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    Why is your Avira listed as outdated?

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,171   +264

    The issue seems to be resolved.
     
Topic Status:
Not open for further replies.

