TechSpot

Help me please? My desktop has virus Win32:Bamital-AQ

By JBEEZY
Apr 19, 2011
  1. Hi everybody.

    I'm new here so I apologise if I come across like a lost sheep.

    Last night my computer started showing all these adverts for Win 7 removal tool and that I had to purchase it in order to get my system back up and running.

    I googled and found out it was a virus but now when Avast runs a boot scan it says I have been infected with another virus called Win32:Bamital-AQ?

    Can someone help me please as I am clueless as to where to go, what to do and if I can save my files on my PC? Don't mean to sound desperate but I am.... Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Thank you for your help.

    I just wanna apologize beforehand, I am completely hopeless when it comes to computer talk/programs/jargon etc. so please bear with me as I appreciate your help!

    I am on the household laptop but my PC is the one with the infection so I will follow your instructions and hopefully we get there.

    Thanks
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    No problem.
    Take your time :)
     
  5. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Do I do all these steps in Safe Mode or Normal?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Normal mode.
     
  7. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Another question.. Sorry if I'm sounding dumb, but how do I post up the scan results here from my infected computer without this one becoming infected?
     
  8. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Okay so I followed the steps.... This is the Malware Log Report

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6402

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/04/2011 6:32:39 p.m.
    mbam-log-2011-04-20 (18-32-39).txt

    Scan type: Quick scan
    Objects scanned: 206152
    Time elapsed: 3 minute(s), 35 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    c:\Users\RaeJae\AppData\Local\exe.exe (Trojan.FakeAlert) -> 3168 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\RaeJae\AppData\Local\exe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\RaeJae\local settings\application data\exe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\RaeJae\local settings\application data\lcp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{8c3fdd81-7ae0-4605-a46a-2488b179f2a3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  9. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Not sure if this is what it's supposed to look like but this is the GMER Log Report.

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-20 20:32:49
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502IJ rev.1AA01117
    Running: 1gdrr692.exe; Driver: C:\Users\RaeJae\AppData\Local\Temp\kxdiqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  10. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    This is the DDR Log Report.

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by RaeJae at 20:35:59.43 on Wed 20/04/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.2037.1122 [GMT 12:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\NMSAccessU.exe
    C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\AnVir Task Manager Free\AnVir.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    C:\Program Files\NetComm\Common\RaUI.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\RaeJae\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
    uSearch Page =
    uStart Page = hxxp://www.google.co.nz/
    uSearch Bar =
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
    uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\raejae\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netcom~1.lnk - c:\program files\netcomm\common\RaUI.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: &Envoyer à OneNote - /105
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-nz.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - component: c:\program files\search settings\ff\components\SearchSettingsFF.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\components\sehLibGlue_stub.dll
    FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
    FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\raejae\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\raejae\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\raejae\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
    R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272]
    R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\m-audio\oxygen\AudioDevMon.exe [2010-3-4 1632776]
    R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2007-3-29 21984]
    R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 158600]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-3-23 724992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-5 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [2010-3-4 112136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-04-20 06:23:45 -------- d-----w- c:\users\raejae\appdata\roaming\Malwarebytes
    2011-04-20 06:23:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-20 06:23:27 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-20 06:23:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 06:23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-20 01:39:20 -------- d-----w- c:\users\raejae\appdata\local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
    2011-04-19 06:45:46 159080 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10138.bin
    2011-04-19 05:03:50 -------- d-----w- c:\users\raejae\appdata\local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
    2011-04-19 04:40:17 -------- d-----w- c:\users\raejae\appdata\local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
    2011-04-16 01:18:39 -------- d-----w- c:\users\raejae\appdata\local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
    2011-04-15 03:33:56 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-04-15 03:33:56 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-15 03:33:55 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-15 03:33:54 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-15 03:33:53 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-15 03:33:53 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-15 03:33:53 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-15 03:33:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-15 03:33:53 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-15 03:33:53 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-14 03:21:28 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-14 03:20:23 -------- d-----w- c:\users\raejae\appdata\local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
    2011-04-14 00:58:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 00:24:28 -------- d-----w- c:\users\raejae\appdata\local\Conduit
    2011-04-14 00:12:57 -------- d-----w- c:\users\raejae\appdata\local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
    2011-04-13 21:22:53 -------- d-----w- c:\program files\AVAST Software
    2011-04-13 21:22:53 -------- d-----w- c:\progra~2\AVAST Software
    2011-04-13 21:22:36 -------- d-----w- c:\progra~2\PC Tools
    2011-04-13 21:02:12 200704 --sha-r- c:\windows\system32\LAPRXYQ.dll
    2011-04-11 21:54:47 -------- d-----w- c:\users\raejae\appdata\local\{04323764-5268-48E8-86F3-62D7DC592526}
    2011-04-11 07:38:30 -------- d-----w- c:\users\raejae\appdata\local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
    2011-04-11 01:01:54 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-11 01:01:54 -------- d-----w- c:\progra~2\AVG10
    2011-04-11 01:00:45 -------- d-----w- c:\program files\AVG
    2011-04-10 07:37:24 -------- d-----w- c:\users\raejae\appdata\local\{1E3AC23E-0819-4446-944C-358872EC34D2}
    2011-04-08 08:59:02 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a978259a-16ed-4949-b814-d8db3b67fcb0}\mpengine.dll
    2011-04-08 00:56:11 -------- d-----w- c:\users\raejae\appdata\local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
    2011-04-08 00:39:00 -------- dc-h--w- c:\progra~2\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
    2011-04-08 00:38:42 -------- dc-h--w- c:\progra~2\{20EFD19B-675C-417B-A498-B0161D72FF88}
    2011-04-08 00:36:29 -------- dc-h--w- c:\progra~2\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
    2011-04-08 00:16:46 -------- dc-h--w- c:\progra~2\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
    2011-04-08 00:02:31 -------- dc-h--w- c:\progra~2\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
    2011-04-07 23:48:38 -------- dc-h--w- c:\progra~2\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
    2011-04-07 22:40:23 -------- dc-h--w- c:\progra~2\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
    2011-04-06 21:00:25 -------- d-----w- c:\users\raejae\appdata\local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
    2011-04-06 07:13:52 -------- dc-h--w- c:\progra~2\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
    2011-04-06 04:13:35 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-04-06 04:13:28 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-04-06 04:13:00 -------- d-----w- c:\users\raejae\appdata\roaming\DAEMON Tools Lite
    2011-04-06 04:13:00 -------- d-----w- c:\progra~2\DAEMON Tools Lite
    2011-04-06 01:05:32 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
    2011-04-03 22:54:46 -------- d-----w- c:\users\raejae\appdata\local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
    2011-04-03 06:49:06 -------- d-----w- c:\users\raejae\appdata\local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
    2011-04-02 11:54:57 -------- d-----w- c:\users\raejae\appdata\local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
    2011-04-01 23:50:47 -------- d-----w- c:\users\raejae\appdata\local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
    2011-03-31 12:39:42 -------- d-----w- c:\users\raejae\appdata\local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
    2011-03-30 21:17:26 -------- d-----w- c:\progra~2\AVS4YOU
    2011-03-30 21:17:25 -------- d-----w- c:\users\raejae\appdata\roaming\AVS4YOU
    2011-03-30 21:17:07 -------- d-----w- c:\program files\common files\AVSMedia
    2011-03-30 21:17:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2011-03-30 21:17:06 -------- d-----w- c:\program files\AVS4YOU
    2011-03-30 20:43:07 1554944 ----a-w- c:\windows\system32\vorbis.acm
    2011-03-30 20:37:53 -------- d-----w- c:\users\raejae\appdata\local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
    2011-03-29 19:35:19 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-29 19:35:19 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-29 19:35:19 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-29 04:27:13 -------- dc-h--w- c:\progra~2\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
    2011-03-23 22:03:46 -------- d-----w- c:\program files\BitTorrent
    2011-03-23 22:03:06 -------- d-----w- c:\users\raejae\appdata\roaming\BitTorrent
    2011-03-23 20:09:22 -------- d-----w- c:\progra~2\Arturia
    2011-03-23 03:07:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-23 03:04:17 57344 ----a-w- c:\windows\system32\Wnaspint.dll
    2011-03-23 03:04:17 -------- d-----w- c:\users\raejae\appdata\roaming\Acoustica
    2011-03-23 03:03:37 -------- d-----w- c:\progra~2\Acoustica
    2011-03-23 00:39:02 -------- d-----w- c:\progra~2\Ralink
    2011-03-23 00:38:58 1597440 ----a-w- c:\windows\system32\RaCertMgr.dll
    2011-03-23 00:38:49 724992 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2011-03-23 00:38:49 221184 ----a-w- c:\windows\system32\RaCoInst.dll
    2011-03-23 00:38:49 -------- d-----w- c:\progra~2\NetComm Driver
    2011-03-23 00:38:34 -------- d-----w- c:\program files\Cisco
    2011-03-23 00:38:20 97280 ----a-w- c:\windows\system32\RAEXTUI.dll
    2011-03-23 00:38:20 766464 ----a-w- c:\windows\system32\RAIHV.dll
    2011-03-23 00:38:20 1048576 ----a-w- c:\windows\system32\CiscoEapFast.dll
    2011-03-23 00:38:19 -------- d-----w- c:\program files\NetComm
    2011-03-22 02:42:18 -------- d-----w- c:\program files\ConvertHelper
    2011-03-21 22:49:58 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-21 22:49:58 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-21 22:49:58 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-21 22:49:58 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-21 22:49:11 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-21 22:49:11 1034240 ----a-w- c:\windows\system32\mstsc.exe
    .
    ==================== Find3M ====================
    .
    2011-03-07 09:51:11 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-17 11:22:04 69632 ----a-w- c:\windows\system32\FxShared.dll
    2011-02-17 11:22:04 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
    2011-02-02 10:46:57 406528 ----a-w- c:\windows\system32\ReWire.dll
    2011-02-02 05:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2007-01-24 14:52:26 65536 ----a-w- c:\program files\common files\NMSAccessU.exe
    .
    ============= FINISH: 20:37:01.58 ===============
     
  11. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    And this is the DDR Attachment Log Report.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/01/2010 12:19:44 a.m.
    System Uptime: 20/04/2011 8:27:25 p.m. (0 hours ago)
    .
    Motherboard: MSI | | Boston
    Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2800/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 190.571 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.462 GiB free.
    E: is CDROM ()
    F: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AVG Free AVI Loader Driver x86
    Device ID: ROOT\LEGACY_AVGLDX86\0000
    Manufacturer:
    Name: AVG Free AVI Loader Driver x86
    PNP Device ID: ROOT\LEGACY_AVGLDX86\0000
    Service: AvgLdx86
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AVG Free8 Network Redirector
    Device ID: ROOT\LEGACY_AVGTDIX\0000
    Manufacturer:
    Name: AVG Free8 Network Redirector
    PNP Device ID: ROOT\LEGACY_AVGTDIX\0000
    Service: AvgTdiX
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    1100 DX
    2007 Microsoft Office system
    AAC Decoder
    Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6
    Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0
    Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1
    Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Analog Factory HipHop 2.2.1
    Antares Autotune VST RTAS TDM v5.08
    Antares Filter VST DX v1.01
    Antares Harmony Engine VST RTAS v1.0
    Antares Microphone Modeler DX v1.32
    Antares Tube VST v1.02
    AnVir Task Manager Free
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arturia Arp2600 V v1.0
    Arturia CS-80V v1.6
    Arturia minimoog V v1.6
    Ashampoo Burning Studio 2010
    Ashampoo Cover Studio 2.2.0
    Ashampoo Internet Accelerator 3.20
    Ashampoo Magical Snap 2.31
    Ashampoo Music Studio 2009
    Ashampoo Slideshow Studio 2010
    ASIO4ALL
    AutoUpdate
    avast! Antivirus
    AVS Image Converter 1.3.3.146
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Bass Station 1.50
    BitTorrent
    Bonjour
    bx_shredspread Native 1.0.3
    CameraHelperMsi
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Clean! v1.0
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    ConvertHelper 2.2
    CyberLink DVD Suite Deluxe
    D3DX10
    DAEMON Tools Lite
    Digidesign Shared Plug-Ins 7.4
    DirectX for Managed Code Update (Summer 2004)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    Download Accelerator Plus (DAP)
    Elementals - The Magic Key
    eLicenser Control
    Enhanced Multimedia Keyboard Solution
    erLT
    FL Studio 9
    FlashFXP v3
    Focusrite Scarlett Plug-in Suite 1.1
    Foxit Reader
    Foxit Toolbar
    Freecorder 4.0 Application
    Freecorder Toolbar
    Game Booster
    GEAR driver installer for x86 Win2K
    GForce - impOSCar
    GForce - Oddity
    GMediaMusic - Oddity VST2
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    H.264 Decoder
    Hardware Diagnostic Tools
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    IL Download Manager
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Interlok driver setup x32
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    KORG padKONTROL Editor Librarian
    KORG USB-MIDI Driver Tools for Windows
    LabelPrint
    LightScribe System Software
    Live 6.0.1
    Live 8.1.3
    Logitech Vid
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    M-Audio FastTrackPro Driver 6.0.2 (x86)
    M-Audio Oxygen Driver 1.2.1 (x86)
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2010 (Beta)
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2010 (Beta)
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (French) 2010 (Beta)
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2010 (Beta)
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2010 (Beta)
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Professionnel 2010
    Microsoft Office Proof (Arabic) 2010 (Beta)
    Microsoft Office Proof (Dutch) 2010 (Beta)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (German) 2010 (Beta)
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2010 (Beta)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2010 (Beta)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2010 (Beta)
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Single Image 2010 (Beta)
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2010 (Beta)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MixMeister BPM Analyzer 1.0
    MKV Splitter
    MobileMe Control Panel
    Mozilla Firefox (3.6.3)
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Murder She Wrote
    Native Instruments Absynth 4
    Native Instruments Battery 3
    Native Instruments Controller Editor
    Native Instruments FM8
    Native Instruments Guitar Rig 4
    Native Instruments Hardware Controller Support
    Native Instruments Komplete 7 Players
    Native Instruments Kontakt 4
    Native Instruments Kontakt Factory Selection
    Native Instruments Kore Player
    Native Instruments Maschine
    Native Instruments Maschine Controller Driver
    Native Instruments Maschine Driver
    Native Instruments Maschine Factory Content
    Native Instruments Maschine Factory Content 1.5
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
    Native Instruments Mikro Prism
    Native Instruments Reaktor 5
    Native Instruments Reaktor Factory Selection
    Native Instruments Service Center
    Native Instruments Traktor
    Natural Color Pro
    NetComm NetComm 900n Series Wireless USB Adapter
    Norton Internet Security
    Numedia CD-DVD writing as non-admin user
    NVIDIA PhysX v8.10.29
    OGA Notifier 2.0.0048.0
    PhotoStage Slideshow Producer
    PoiZone
    Power2Go
    PowerDirector
    PreSonus Studio One
    Prosoniq OrangeVocoder v1.4
    Python 2.6 pywin32-212
    Python 2.6.1
    QuickTime
    RB MOLOTOF V1
    RD 2.12
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Reason 5.0
    Rob Papen Albino 2
    Sakura
    Sawer
    Search Settings v1.2.3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 4.2
    SONiVOX DVI Creamy Fuzz Guitar
    Spybot - Search & Destroy
    Steinberg DeClicker v1.21
    Steinberg Mastering Edition v1.0
    Stillwell Audio Plugins Bundle VST v1.52
    System Requirements Lab
    T-RackS 3 Deluxe
    Toxic Biohazard
    TruePianos 1.4.1
    TruePianos: Amber Module 1.4.0
    TruePianos: Diamond Module 1.4.0
    TruePianos: Emerald Module 1.4.0
    TruePianos: Sapphire Module 1.4.0
    TweetDeck
    Universal Audio v4.4.0 Native
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    V-Station
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.3
    VST Compressor
    WavePad Sound Editor
    Waves Mercury Bundle
    Windows 7 Manager
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/04/2011 9:52:05 a.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2011 9:41:47 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    20/04/2011 9:41:47 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    20/04/2011 9:00:26 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    20/04/2011 9:00:25 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    20/04/2011 9:00:25 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    20/04/2011 9:00:23 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20/04/2011 9:00:17 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    20/04/2011 8:59:52 a.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\RAIHV.dll Error Code: 21
    20/04/2011 8:59:35 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX discache spldr Wanarpv6
    20/04/2011 8:27:48 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX
    20/04/2011 8:27:46 p.m., Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    20/04/2011 6:47:20 p.m., Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {22CB7E43-046D-4AFF-8757-FD6EA2FE124B}. The error: "740" Happened while starting this command: "C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries32\SeHExeComServer.exe" -Embedding
    20/04/2011 6:20:43 p.m., Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    20/04/2011 2:10:27 a.m., Error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
    20/04/2011 1:41:06 p.m., Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    19/04/2011 11:39:15 p.m., Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    19/04/2011 11:39:15 p.m., Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
    19/04/2011 11:39:15 p.m., Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.
    19/04/2011 11:39:15 p.m., Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
    19/04/2011 11:33:21 p.m., Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    19/04/2011 11:15:29 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    18/04/2011 9:41:48 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    15/04/2011 11:32:24 a.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
    14/04/2011 9:26:18 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    14/04/2011 9:22:56 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    14/04/2011 8:45:46 a.m., Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {22CB7E43-046D-4AFF-8757-FD6EA2FE124B}. The error: "5" Happened while starting this command: "C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries32\SeHExeComServer.exe" -Embedding
    14/04/2011 5:19:07 p.m., Error: bowser [8003] - The master browser has received a server announcement from the computer BROOKS-WHANAU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D424BA8E-E2D7-4D2D-A630-6039. The master browser is stopping or an election is being forced.
    14/04/2011 4:02:09 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    14/04/2011 3:21:46 p.m., Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    14/04/2011 3:21:46 p.m., Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    14/04/2011 3:21:45 p.m., Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    14/04/2011 3:21:45 p.m., Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You did fine :)

    Is the internet connection on your bad computer working?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Thanks.

    I tried connecting to the Internet and yes it is working now. This is the MBRCheck Log report.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: MSI
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: NS893AA-ABG CQ3040AN
    Logical Drives Mask: 0x000000bc

    Kernel Drivers (total 186):
    0x83856000 \SystemRoot\system32\ntkrnlpa.exe
    0x8381F000 \SystemRoot\system32\halmacpi.dll
    0x80BAD000 \SystemRoot\system32\kdcom.dll
    0x83E1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83E93000 \SystemRoot\system32\PSHED.dll
    0x83EA4000 \SystemRoot\system32\BOOTVID.dll
    0x83EAC000 \SystemRoot\system32\CLFS.SYS
    0x83EEE000 \SystemRoot\system32\CI.dll
    0x89438000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x894A9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x894B7000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x894FF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x89508000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89510000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8953A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x89545000 \SystemRoot\System32\drivers\partmgr.sys
    0x89556000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x89566000 \SystemRoot\System32\drivers\volmgrx.sys
    0x895B1000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x895B8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x895C6000 \SystemRoot\System32\drivers\mountmgr.sys
    0x895DC000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x89400000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x89423000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x83F99000 \SystemRoot\system32\drivers\fltmgr.sys
    0x895E5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83FCD000 \SystemRoot\System32\Drivers\TPkd.sys
    0x89620000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8974F000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8977A000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8978D000 \SystemRoot\System32\Drivers\cng.sys
    0x897EA000 \SystemRoot\System32\drivers\pcw.sys
    0x89600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x89827000 \SystemRoot\system32\drivers\ndis.sys
    0x898DE000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8991C000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89A29000 \SystemRoot\System32\drivers\tcpip.sys
    0x89B72000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89BA3000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x89BE2000 \SystemRoot\System32\Drivers\spldr.sys
    0x89941000 \SystemRoot\System32\drivers\rdyboost.sys
    0x89BEA000 \SystemRoot\System32\Drivers\mup.sys
    0x89A00000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8996E000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x89A08000 \SystemRoot\system32\DRIVERS\disk.sys
    0x899A0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x89800000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8981F000 \SystemRoot\System32\Drivers\Null.SYS
    0x899EA000 \SystemRoot\System32\Drivers\Beep.SYS
    0x89BFA000 \SystemRoot\system32\drivers\MTictwl.sys
    0x899F1000 \SystemRoot\System32\drivers\vga.sys
    0x8E82F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E850000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E85D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E865000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E86D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8E875000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8E880000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E88E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E8A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E8B0000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E8E2000 \SystemRoot\system32\drivers\afd.sys
    0x8E93C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8E943000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E962000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E970000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8E983000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E993000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8E9D4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E9DE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E9E8000 \SystemRoot\System32\drivers\discache.sys
    0x8E800000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E818000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8EC38000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8EC59000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8EE19000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8F322000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8EC6B000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x8F3D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8ECA4000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x8EE00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8ECC9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8ED14000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8ED23000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8EE0B000 \SystemRoot\system32\DRIVERS\PS2.sys
    0x8ED3B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8EE10000 \SystemRoot\system32\drivers\pfc.sys
    0x8ED48000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8ED52000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8ED5F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8ED71000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8ED89000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8ED94000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8EDB6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8EDCE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8EDE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8EC00000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8EE13000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F63E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F672000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F680000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F6C4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x97821000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x97ABE000 \SystemRoot\system32\drivers\portcls.sys
    0x97AED000 \SystemRoot\system32\drivers\drmk.sys
    0x97B2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x81E60000 \SystemRoot\System32\win32k.sys
    0x97B2E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x97B38000 \SystemRoot\system32\DRIVERS\netr28u.sys
    0x97800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x97BF0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8F6D5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F6E0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x97817000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x97BFB000 \SystemRoot\System32\Drivers\KORGUMDS.SYS
    0x8F6F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x820C0000 \SystemRoot\System32\TSDDD.dll
    0x8F6FE000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F70B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8F716000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8F71F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x820F0000 \SystemRoot\System32\cdd.dll
    0x82110000 \SystemRoot\System32\ATMFD.DLL
    0x8F730000 \SystemRoot\system32\drivers\luafv.sys
    0x8F74B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8F765000 \SystemRoot\system32\DRIVERS\fssfltr.sys
    0x8F770000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8F780000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8F7C6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8F7D6000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8F600000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x94C16000 \SystemRoot\system32\drivers\HTTP.sys
    0x94C9B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x94CB4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x94CC6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x94CE9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x94D24000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x94D57000 \SystemRoot\system32\drivers\peauth.sys
    0x94DEE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8EC0D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x94C00000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A005000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A054000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A0A6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9A0C7000 \??\C:\Users\RaeJae\AppData\Local\Temp\kxdiqpow.sys
    0x9A14A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9A153000 \??\C:\Users\RaeJae\AppData\Local\Temp\mbr.sys
    0x77B60000 \Windows\System32\ntdll.dll
    0x47BF0000 \Windows\System32\smss.exe
    0x77DA0000 \Windows\System32\apisetschema.dll
    0x00210000 \Windows\System32\autochk.exe
    0x77D60000 \Windows\System32\imagehlp.dll
    0x779C0000 \Windows\System32\setupapi.dll
    0x77D50000 \Windows\System32\normaliz.dll
    0x76D70000 \Windows\System32\shell32.dll
    0x77D40000 \Windows\System32\nsi.dll
    0x76CA0000 \Windows\System32\user32.dll
    0x77D30000 \Windows\System32\psapi.dll
    0x76C00000 \Windows\System32\advapi32.dll
    0x76B30000 \Windows\System32\msctf.dll
    0x77CD0000 \Windows\System32\shlwapi.dll
    0x76A90000 \Windows\System32\usp10.dll
    0x76930000 \Windows\System32\ole32.dll
    0x76880000 \Windows\System32\rpcrt4.dll
    0x77CB0000 \Windows\System32\imm32.dll
    0x76800000 \Windows\System32\comdlg32.dll
    0x76720000 \Windows\System32\kernel32.dll
    0x766D0000 \Windows\System32\Wldap32.dll
    0x764D0000 \Windows\System32\iertutil.dll
    0x76440000 \Windows\System32\clbcatq.dll
    0x76420000 \Windows\System32\sechost.dll
    0x76320000 \Windows\System32\wininet.dll
    0x761E0000 \Windows\System32\urlmon.dll
    0x76130000 \Windows\System32\msvcrt.dll
    0x77CA0000 \Windows\System32\lpk.dll
    0x760D0000 \Windows\System32\difxapi.dll
    0x76090000 \Windows\System32\ws2_32.dll
    0x76000000 \Windows\System32\oleaut32.dll
    0x75FB0000 \Windows\System32\gdi32.dll
    0x75F60000 \Windows\System32\KernelBase.dll
    0x75F30000 \Windows\System32\wintrust.dll
    0x75F00000 \Windows\System32\cfgmgr32.dll
    0x75DE0000 \Windows\System32\crypt32.dll
    0x75D50000 \Windows\System32\comctl32.dll
    0x75D30000 \Windows\System32\devobj.dll
    0x75D20000 \Windows\System32\msasn1.dll

    Processes (total 73):
    0 System Idle Process
    4 System
    244 C:\Windows\System32\smss.exe
    368 csrss.exe
    420 C:\Windows\System32\wininit.exe
    432 csrss.exe
    500 C:\Windows\System32\winlogon.exe
    540 C:\Windows\System32\services.exe
    556 C:\Windows\System32\lsass.exe
    564 C:\Windows\System32\lsm.exe
    672 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\svchost.exe
    844 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\wlanext.exe
    1300 C:\Windows\System32\conhost.exe
    1416 C:\Windows\System32\taskeng.exe
    1424 C:\Windows\System32\spoolsv.exe
    1460 C:\Windows\System32\rundll32.exe
    1496 C:\Windows\System32\svchost.exe
    1596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1632 C:\Program Files\Application Updater\ApplicationUpdater.exe
    1652 C:\Program Files\Bonjour\mDNSResponder.exe
    1684 C:\Windows\System32\svchost.exe
    1736 C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    1832 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1860 C:\Program Files\Common Files\NMSAccessU.exe
    1920 C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
    2044 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    376 C:\Windows\System32\svchost.exe
    692 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    1304 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2284 WUDFHost.exe
    3140 C:\Windows\System32\taskhost.exe
    3208 C:\Windows\System32\taskeng.exe
    3216 C:\Windows\System32\dwm.exe
    3392 C:\Windows\explorer.exe
    2524 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2532 C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    2540 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2604 C:\Windows\System32\hkcmd.exe
    2620 C:\Windows\System32\igfxpers.exe
    2632 C:\Program Files\Freecorder\FLVSrvc.exe
    2692 C:\Windows\System32\igfxsrvc.exe
    2700 C:\Program Files\Windows Live\Family Safety\fsui.exe
    2720 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2780 C:\Windows\System32\M-AudioTaskBarIcon.exe
    2804 C:\Program Files\iTunes\iTunesHelper.exe
    2836 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    2888 C:\Program Files\AnVir Task Manager Free\AnVir.exe
    2904 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    2964 C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    2976 C:\Program Files\NetComm\Common\RaUI.exe
    3120 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    3356 C:\Windows\System32\SearchIndexer.exe
    2616 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    3092 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3060 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    2184 C:\Program Files\iPod\bin\iPodService.exe
    3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
    660 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    1204 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1452 C:\Program Files\Hewlett-Packard\KBD\kbd.exe
    2240 C:\Windows\System32\svchost.exe
    2448 dllhost.exe
    6088 C:\Windows\System32\SearchProtocolHost.exe
    4240 C:\Windows\System32\SearchFilterHost.exe
    4608 C:\Users\RaeJae\Desktop\MBRCheck.exe
    5920 C:\Windows\System32\conhost.exe
    1784 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`d6bac000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01117

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)
    Go on.....
     
  15. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    I ran ComboFix and it did its thing, then it rebooted the computer, then it showed back up in a Blue Box saying 'Preparing Log Report. Do not run any programs until ComboFix has finished.'

    But as that was happening the programs that usually boot up on startup did (CCleaner, Daemon Tools, Spybot).

    This is the report but I hope it's correct and I haven't stuffed it up again :/

    ComboFix 11-04-20.03 - RaeJae 21/04/2011 15:15:49.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.2037.1236 [GMT 12:00]
    Running from: c:\users\RaeJae\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Mozilla Firefox\extensions\searchsettings@spigot.com
    c:\program files\Search Settings
    c:\program files\Search Settings\FF\chrome.manifest
    c:\program files\Search Settings\FF\chrome\content\plugin.js
    c:\program files\Search Settings\FF\chrome\content\plugin.xul
    c:\program files\Search Settings\FF\chrome\content\protection.js
    c:\program files\Search Settings\FF\chrome\content\utils.js
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
    c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
    c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
    c:\program files\Search Settings\FF\install.rdf
    c:\program files\Search Settings\SearchSettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    C:\UNWISE.EXE
    c:\virtualdjportable\VirtualDJPortable.exe
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    .
    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 03:22 . 2011-04-21 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-21 03:22 . 2011-04-21 03:22 -------- d-----w- c:\users\ChaKotAshWai\AppData\Local\temp
    2011-04-20 23:27 . 2011-04-20 23:27 -------- d-----w- c:\users\RaeJae\AppData\Local\{5EC40114-D36E-48D6-97F7-C94AA36076D4}
    2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\users\RaeJae\AppData\Roaming\Malwarebytes
    2011-04-20 06:23 . 2010-12-20 06:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-20 06:23 . 2010-12-20 06:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 01:39 . 2011-04-20 01:39 -------- d-----w- c:\users\RaeJae\AppData\Local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
    2011-04-19 06:45 . 2011-04-19 06:45 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-04-19 05:03 . 2011-04-19 05:04 -------- d-----w- c:\users\RaeJae\AppData\Local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
    2011-04-19 04:40 . 2011-04-19 04:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
    2011-04-16 01:18 . 2011-04-18 02:31 -------- d-----w- c:\users\RaeJae\AppData\Local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
    2011-04-15 03:33 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-04-15 03:33 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-15 03:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-15 03:33 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-15 03:33 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-15 03:33 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-15 03:33 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-15 03:33 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-15 03:33 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-15 03:33 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-14 03:21 . 2009-11-25 00:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-14 03:21 . 2009-11-25 00:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-14 03:21 . 2009-11-25 00:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2011-04-14 03:21 . 2009-11-25 00:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-14 03:21 . 2009-11-25 00:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-14 03:21 . 2009-11-25 00:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-14 03:21 . 2009-11-25 00:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-14 03:21 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
    2011-04-14 03:20 . 2011-04-15 03:21 -------- d-----w- c:\users\RaeJae\AppData\Local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
    2011-04-14 00:58 . 2011-04-14 00:58 -------- d-----w- c:\program files\Common Files\Java
    2011-04-14 00:58 . 2010-09-14 16:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 00:24 . 2011-04-14 00:24 -------- d-----w- c:\users\RaeJae\AppData\Local\Conduit
    2011-04-14 00:12 . 2011-04-14 00:12 -------- d-----w- c:\users\RaeJae\AppData\Local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
    2011-04-13 21:22 . 2011-04-14 00:14 -------- d-----w- c:\programdata\AVAST Software
    2011-04-13 21:22 . 2011-04-13 21:22 -------- d-----w- c:\program files\AVAST Software
    2011-04-13 21:22 . 2011-04-13 21:15 -------- d-----w- c:\programdata\PC Tools
    2011-04-13 21:02 . 2011-04-13 21:02 200704 --sha-r- c:\windows\system32\LAPRXYQ.dll
    2011-04-11 21:54 . 2011-04-13 09:57 -------- d-----w- c:\users\RaeJae\AppData\Local\{04323764-5268-48E8-86F3-62D7DC592526}
    2011-04-11 07:38 . 2011-04-11 07:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
    2011-04-11 01:01 . 2011-04-13 21:26 -------- d-----w- c:\programdata\AVG10
    2011-04-11 01:01 . 2011-04-11 01:06 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-11 01:00 . 2011-04-11 01:00 -------- d-----w- c:\program files\AVG
    2011-04-10 07:37 . 2011-04-10 19:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{1E3AC23E-0819-4446-944C-358872EC34D2}
    2011-04-08 08:59 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A978259A-16ED-4949-B814-D8DB3B67FCB0}\mpengine.dll
    2011-04-08 00:56 . 2011-04-09 12:57 -------- d-----w- c:\users\RaeJae\AppData\Local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
    2011-04-08 00:39 . 2011-04-08 00:39 -------- dc-h--w- c:\programdata\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
    2011-04-08 00:38 . 2011-04-08 00:38 -------- dc-h--w- c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88}
    2011-04-08 00:36 . 2011-04-08 00:36 -------- dc-h--w- c:\programdata\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
    2011-04-08 00:16 . 2011-04-08 00:16 -------- dc-h--w- c:\programdata\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
    2011-04-08 00:02 . 2011-04-08 00:02 -------- dc-h--w- c:\programdata\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
    2011-04-07 23:48 . 2011-04-07 23:48 -------- dc-h--w- c:\programdata\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
    2011-04-07 22:40 . 2011-04-07 22:40 -------- dc-h--w- c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
    2011-04-06 21:00 . 2011-04-07 12:55 -------- d-----w- c:\users\RaeJae\AppData\Local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
    2011-04-06 07:13 . 2011-04-06 07:13 -------- dc-h--w- c:\programdata\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
    2011-04-06 04:13 . 2011-04-06 04:13 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-04-06 04:13 . 2011-04-06 04:15 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-04-06 04:13 . 2011-04-10 00:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2011-04-06 04:13 . 2011-04-06 04:18 -------- d-----w- c:\users\RaeJae\AppData\Roaming\DAEMON Tools Lite
    2011-04-06 01:05 . 2009-10-24 09:15 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
    2011-04-03 22:54 . 2011-04-06 00:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
    2011-04-03 06:49 . 2011-04-03 06:49 -------- d-----w- c:\users\RaeJae\AppData\Local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
    2011-04-02 11:54 . 2011-04-02 11:55 -------- d-----w- c:\users\RaeJae\AppData\Local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
    2011-04-01 23:50 . 2011-04-01 23:54 -------- d-----w- c:\users\RaeJae\AppData\Local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
    2011-03-31 12:39 . 2011-04-01 00:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
    2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\programdata\AVS4YOU
    2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\users\RaeJae\AppData\Roaming\AVS4YOU
    2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\program files\Common Files\AVSMedia
    2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\program files\AVS4YOU
    2011-03-30 21:17 . 2011-01-10 22:53 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2011-03-30 20:43 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
    2011-03-30 20:37 . 2011-03-30 20:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
    2011-03-29 19:35 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-29 19:35 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-29 19:35 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-29 04:27 . 2011-04-06 07:27 -------- dc-h--w- c:\programdata\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
    2011-03-23 22:03 . 2011-04-06 20:58 -------- d-----w- c:\program files\BitTorrent
    2011-03-23 22:03 . 2011-04-13 21:21 -------- d-----w- c:\users\RaeJae\AppData\Roaming\BitTorrent
    2011-03-23 20:09 . 2011-03-23 20:09 -------- d-----w- c:\programdata\Arturia
    2011-03-23 03:07 . 2009-12-14 02:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-23 03:04 . 2011-03-23 03:04 -------- d-----w- c:\users\RaeJae\AppData\Roaming\Acoustica
    2011-03-23 03:04 . 2009-12-14 03:25 57344 ----a-w- c:\windows\system32\Wnaspint.dll
    2011-03-23 03:03 . 2011-03-23 03:03 -------- d-----w- c:\programdata\Acoustica
    2011-03-23 00:39 . 2011-03-23 00:39 -------- d-----w- c:\programdata\Ralink
    2011-03-23 00:38 . 2008-09-08 22:12 1597440 ----a-w- c:\windows\system32\RaCertMgr.dll
    2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\programdata\NetComm Driver
    2011-03-23 00:38 . 2009-04-28 05:23 724992 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2011-03-23 00:38 . 2009-04-28 04:50 221184 ----a-w- c:\windows\system32\RaCoInst.dll
    2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\program files\Cisco
    2011-03-23 00:38 . 2008-12-03 03:03 97280 ----a-w- c:\windows\system32\RAEXTUI.dll
    2011-03-23 00:38 . 2008-12-03 03:01 766464 ----a-w- c:\windows\system32\RAIHV.dll
    2011-03-23 00:38 . 2008-07-08 19:03 1048576 ----a-w- c:\windows\system32\CiscoEapFast.dll
    2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\program files\NetComm
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-21 22:40 . 2010-06-23 22:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 09:51 . 2011-03-07 09:51 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-02-17 11:22 . 2011-02-17 11:22 69632 ----a-w- c:\windows\system32\FxShared.dll
    2011-02-17 11:22 . 2011-02-17 11:22 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
    2011-02-03 05:45 . 2011-02-27 20:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 10:46 . 2011-02-02 10:46 406528 ----a-w- c:\windows\system32\ReWire.dll
    2011-02-02 05:11 . 2010-01-03 08:06 222080 ------w- c:\windows\system32\MpSigStub.exe
    2007-01-24 14:52 . 2007-01-24 14:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-17 23:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-10 02:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-17 333192]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-17 333192]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2009-03-09 1563360]
    "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-01 2228536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-03 75016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
    "KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-14 150552]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-1-9 49220]
    NetComm Wireless Utility.lnk - c:\program files\NetComm\Common\RaUI.exe [2011-3-23 1830912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=KORGUMDD.DRV
    "midi7"=KORGUMDD.DRV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    2010-03-04 19:25 2815488 ----a-w- c:\program files\DAP\DAP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2010-05-11 04:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
    2010-05-11 04:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-09 13:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4639136]
    R3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\DRIVERS\MAudioOxygen.sys [2010-03-03 112136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
    S2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\M-Audio\Oxygen\AudioDevMon.exe [2010-03-03 1632776]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2007-03-28 21984]
    S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 158600]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-28 724992]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 11:00]
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 11:00]
    .
    2011-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000Core.job
    - c:\users\RaeJae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 02:30]
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000UA.job
    - c:\users\RaeJae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 02:30]
    .
    2011-03-28 c:\windows\Tasks\HPCeeScheduleForRaeJae.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-04 08:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Envoyer à OneNote - /105
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
    HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
    MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
    AddRemove-1100 DX - c:\users\raejae\desktop\meeeaaannn vsti's\DeIsL1.isu
    AddRemove-RD - c:\users\RaeJae\Desktop\Today VST\RD\uninstall.exe
    AddRemove-Native Instruments Hardware Controller Support - c:\programdata\{09B301EE-C58B-408E-8D5D-E17495536D3E}\Hardware Controller Support Setup.exe
    AddRemove-Native Instruments Maschine Driver - c:\programdata\{EADDDB9C-2F20-4408-9D14-618D2AF3ADB4}\Maschine Driver Setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(640)
    c:\program files\AnVir Task Manager Free\AnvirHook55.dll
    c:\users\RaeJae\AppData\Local\FLVService\lib\FLVSrvLib.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\NMSAccessU.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\DllHost.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Hewlett-Packard\KBD\kbd.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-21 15:31:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-21 03:31
    .
    Pre-Run: 204,448,718,848 bytes free
    Post-Run: 204,336,889,856 bytes free
    .
    - - End Of File - - F02F6A887488F5FB2B709E420FBC5D02
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It looks good now :)

    Is Avast still complaining about Bamital?
     
  17. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    I just ran Avast and no, no more Bamital warning. Does this mean that my computer is completely clean now?

    The Avast I have is only a demo, 60 days or something. Can you please suggest what a good security program or combo would be good for my computer? Apart from Avast, I really don't know what else I have or what I shouldn't have?! I know there is Spybot and Anvir Task Manager Free and CCleaner but I'm not entirely sure what does what and if I need certain ones or not.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)

    We'll run a couple more scans to make sure you're clean.

    As for security programs, I'll post more info at the end of this topic.
    For now... I'm not sure what Avast version you installed, so you can uninstall what you have now and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    When done....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    My computer just froze up while in the process of installing Avast.. Has the Avast installation progress screen and a Spybot Popup window (Browser Helper Object Value added).. The screen is frozen with these two things on it! What shall I do?
     
  20. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    Is okay now, it rebooted. Will do the OTL and post results.
     
  21. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    OTL Log Results 1

    OTL logfile created on: 21/04/2011 7:56:26 p.m. - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\RaeJae\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.36 Gb Total Space | 190.31 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
    Drive D: | 10.40 Gb Total Space | 1.46 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: RAEJAE-PC | User Name: RaeJae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
    PRC - [2011/04/19 05:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/05/11 15:11:30 | 001,188,176 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
    PRC - [2010/05/11 15:11:20 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe
    PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2010/03/12 11:00:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
    PRC - [2009/12/16 16:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/11/16 08:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2009/11/09 13:56:38 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
    PRC - [2009/10/31 18:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/07/14 13:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 13:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/29 09:29:48 | 001,830,912 | ---- | M] (NetComm Limited) -- C:\Program Files\NetComm\Common\RaUI.exe
    PRC - [2009/03/09 12:50:50 | 001,563,360 | ---- | M] (AnVir Software) -- C:\Program Files\AnVir Task Manager Free\AnVir.exe
    PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/12/13 15:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    PRC - [2007/01/25 02:52:26 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
    MOD - [2011/04/19 05:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/21 17:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/19 05:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
    SRV - [2010/03/02 14:08:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/01/05 06:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/12/16 16:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/07/14 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 13:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/01/25 02:52:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/19 05:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/04/19 05:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/04/19 05:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/04/19 05:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/04/19 05:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/04/19 05:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/03/04 06:31:28 | 000,112,136 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioOxygen.sys -- (OXYGEN)
    DRV - [2009/12/02 12:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
    DRV - [2009/07/14 11:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/04/28 17:23:52 | 000,724,992 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009/01/21 02:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/03/29 01:11:00 | 000,021,984 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KORGUMDS.SYS -- (KORGUMDS)
    DRV - [2006/08/28 16:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
    DRV - [2006/08/28 16:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
    DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
    DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
    FF - prefs.js..extensions.enabledItems: apptabs@frankyan.com:0.6.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..extensions.enabledItems: tabberwocky@studio17.wordpress.com:1.1
    FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
    FF - prefs.js..extensions.enabledItems: {eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}:2.0.2
    FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
    FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 11:01:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/02 23:06:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/02 23:06:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/04/16 16:01:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

    [2010/01/17 23:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Extensions
    [2011/04/09 11:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions
    [2010/10/28 08:59:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2011/03/25 20:39:18 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/04/28 07:46:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/01 09:59:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/22 15:10:13 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}
    [2011/02/03 00:51:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2010/03/02 14:19:26 | 000,000,000 | ---D | M] (App Tabs) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\apptabs@frankyan.com
    [2011/03/25 20:39:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\engine@conduit.com
    [2010/03/02 14:19:26 | 000,000,000 | ---D | M] (Tabberwocky) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\tabberwocky@studio17.wordpress.com
    [2011/04/21 15:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/04/14 12:58:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
    () (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
    () (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    () (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2010/01/05 10:34:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2007/03/10 11:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/04/21 15:24:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
    O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-nz.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper: C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: midi1 - C:\Windows\System32\KORGUMDD.DRV (KORG Inc.)
    Drivers32: midi7 - C:\Windows\System32\KORGUMDD.DRV (KORG Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
     
  22. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    OTL Log Results 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/21 19:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/04/21 18:38:54 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/04/21 18:38:54 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/04/21 18:38:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/04/21 18:38:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/04/21 18:38:50 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/04/21 18:38:49 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/04/21 18:38:40 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/04/21 18:38:40 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/04/21 18:38:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
    [2011/04/21 15:31:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/21 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{A8AE14F2-1E4F-483A-BD79-952B7A767ADC}
    [2011/04/21 15:24:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/21 15:13:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/21 15:13:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/21 15:13:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/21 15:12:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/21 15:12:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/04/21 15:11:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/21 15:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/21 11:27:04 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{5EC40114-D36E-48D6-97F7-C94AA36076D4}
    [2011/04/20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Malwarebytes
    [2011/04/20 18:23:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/04/20 18:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/20 18:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/04/20 18:23:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/04/20 18:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/20 16:28:20 | 035,225,928 | ---- | C] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
    [2011/04/20 16:28:20 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/20 16:28:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe
    [2011/04/20 13:39:20 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
    [2011/04/19 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
    [2011/04/19 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
    [2011/04/16 13:18:39 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
    [2011/04/14 15:20:23 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
    [2011/04/14 12:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/04/14 12:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/14 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\Conduit
    [2011/04/14 12:12:57 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
    [2011/04/14 09:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/04/14 09:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/14 09:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/04/12 22:11:46 | 000,000,000 | R--D | C] -- C:\Users\RaeJae\Desktop\REBEL WITHOUT APPLAUSE
    [2011/04/12 09:54:47 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{04323764-5268-48E8-86F3-62D7DC592526}
    [2011/04/11 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\Desktop\Silverback Gang
    [2011/04/11 19:38:30 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
    [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2011/04/11 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/04/10 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{1E3AC23E-0819-4446-944C-358872EC34D2}
    [2011/04/08 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
    [2011/04/08 12:39:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
    [2011/04/08 12:38:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{20EFD19B-675C-417B-A498-B0161D72FF88}
    [2011/04/08 12:36:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
    [2011/04/08 12:16:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
    [2011/04/08 12:02:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
    [2011/04/08 11:48:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
    [2011/04/08 10:40:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
    [2011/04/07 09:00:25 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
    [2011/04/06 19:13:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
    [2011/04/06 16:17:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2011/04/06 16:13:35 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2011/04/06 16:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2011/04/06 16:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2011/04/06 16:13:00 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Lite
    [2011/04/06 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2011/04/06 13:05:32 | 001,332,224 | ---- | C] (AD © 2009) -- C:\Windows\System32\SYNSOEMU.DLL
    [2011/04/05 16:35:21 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\Desktop\Mess Clean After
    [2011/04/04 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
    [2011/04/03 18:49:06 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
    [2011/04/02 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
    [2011/04/02 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
    [2011/04/01 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
    [2011/03/31 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2011/03/31 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\AVS4YOU
    [2011/03/31 09:17:18 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    [2011/03/31 09:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    [2011/03/31 09:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2011/03/31 09:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2011/03/31 08:37:53 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
    [2011/03/29 16:27:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
    [2011/03/24 10:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
    [2011/03/24 10:03:06 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\BitTorrent
    [2011/03/24 08:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
    [2011/03/23 15:04:17 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\Wnaspint.dll
    [2011/03/23 15:04:17 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Acoustica
    [2011/03/23 15:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
    [2011/03/23 12:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
    [2011/03/23 12:38:58 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
    [2011/03/23 12:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetComm Wireless
    [2011/03/23 12:38:49 | 000,724,992 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
    [2011/03/23 12:38:49 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
    [2011/03/23 12:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NetComm Driver
    [2011/03/23 12:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2011/03/23 12:38:20 | 000,766,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
    [2011/03/23 12:38:20 | 000,097,280 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
    [2011/03/23 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\NetComm

    ========== Files - Modified Within 30 Days ==========

    [2011/04/21 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/21 19:22:21 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/21 19:22:21 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/21 19:21:58 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000UA.job
    [2011/04/21 19:20:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000Core.job
    [2011/04/21 19:15:16 | 000,000,632 | RHS- | M] () -- C:\Users\RaeJae\ntuser.pol
    [2011/04/21 19:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/21 19:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/21 19:14:30 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/21 19:10:53 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/04/21 19:10:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/04/21 18:17:13 | 002,144,362 | ---- | M] () -- C:\Users\RaeJae\Desktop\Noize Kontrol - What Goes On Tour Rough Beat.mp3
    [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
    [2011/04/21 16:15:08 | 056,189,640 | ---- | M] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
    [2011/04/21 15:24:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/21 15:12:43 | 004,325,691 | R--- | M] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
    [2011/04/21 13:48:10 | 000,080,384 | ---- | M] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
    [2011/04/20 18:23:28 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
    [2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2
    [2011/04/20 16:23:15 | 000,659,294 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/20 16:23:15 | 000,140,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/20 14:18:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/20 14:17:12 | 000,625,664 | ---- | M] () -- C:\Users\RaeJae\Desktop\dds.scr
    [2011/04/20 14:16:38 | 000,301,568 | ---- | M] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
    [2011/04/20 14:15:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe
    [2011/04/20 11:58:22 | 035,225,928 | ---- | M] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
    [2011/04/20 09:41:52 | 000,003,486 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110420_094146.reg
    [2011/04/19 05:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/04/19 05:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/04/19 05:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/04/19 05:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/04/19 05:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/04/19 05:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/04/19 05:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/04/19 05:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/04/16 13:16:52 | 000,438,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/04/14 12:26:14 | 000,045,494 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110414_122612.reg
    [2011/04/14 12:24:44 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/04/14 09:21:42 | 000,008,782 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110414_092139.reg
    [2011/04/14 09:02:12 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\LAPRXYQ.dll
    [2011/04/11 18:02:34 | 000,000,000 | ---- | M] () -- C:\Users\RaeJae\AppData\Local\prvlcl.dat
    [2011/04/11 13:06:30 | 074,465,036 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/04/09 13:36:19 | 000,114,422 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110409_133615.reg
    [2011/04/08 14:02:18 | 035,778,560 | ---- | M] () -- C:\Users\RaeJae\Desktop\Maschine 1.5 Beat.wav
    [2011/04/08 12:38:41 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
    [2011/04/08 10:40:23 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
    [2011/04/08 08:56:46 | 024,977,120 | ---- | M] () -- C:\Users\RaeJae\Desktop\Maschine Rough.wav
    [2011/04/07 18:48:30 | 015,274,235 | ---- | M] () -- C:\Users\RaeJae\Desktop\PainKiller - HitzBeat.mp3
    [2011/04/06 16:13:35 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2011/04/06 16:13:29 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2011/04/02 14:44:39 | 000,002,830 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110402_154436.reg
    [2011/03/31 17:08:10 | 000,015,442 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110331_180806.reg
    [2011/03/31 09:17:20 | 000,001,257 | ---- | M] () -- C:\Users\RaeJae\Desktop\AVS4YOU Software Navigator.lnk
    [2011/03/31 09:17:10 | 000,001,201 | ---- | M] () -- C:\Users\RaeJae\Desktop\AVS Image Converter.lnk
    [2011/03/28 15:09:54 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaeJae.job
    [2011/03/25 00:02:51 | 000,036,534 | ---- | M] () -- C:\Users\RaeJae\Desktop\Document 1.rns
    [2011/03/24 10:03:47 | 000,000,963 | ---- | M] () -- C:\Users\RaeJae\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/03/24 10:03:47 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2011/03/23 17:23:12 | 000,023,544 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110323_182300.reg
    [2011/03/23 12:38:58 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetComm Wireless Utility.lnk

    ========== Files Created - No Company Name ==========

    [2011/04/21 18:38:54 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/04/21 18:37:58 | 056,189,640 | ---- | C] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
    [2011/04/21 18:15:10 | 002,144,362 | ---- | C] () -- C:\Users\RaeJae\Desktop\Noize Kontrol - What Goes On Tour Rough Beat.mp3
    [2011/04/21 15:13:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/21 15:13:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/21 15:13:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/21 15:13:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/21 15:13:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/21 13:53:06 | 000,080,384 | ---- | C] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
    [2011/04/21 13:53:05 | 004,325,691 | R--- | C] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
    [2011/04/20 18:23:28 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/20 16:28:22 | 000,301,568 | ---- | C] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
    [2011/04/20 16:28:20 | 000,625,664 | ---- | C] () -- C:\Users\RaeJae\Desktop\dds.scr
    [2011/04/20 09:41:50 | 000,003,486 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110420_094146.reg
    [2011/04/19 23:26:16 | 000,010,374 | -HS- | C] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
    [2011/04/19 23:26:16 | 000,010,374 | -HS- | C] () -- C:\ProgramData\0v128yg110yy544h80wqr2
    [2011/04/16 19:11:07 | 015,274,235 | ---- | C] () -- C:\Users\RaeJae\Desktop\PainKiller - HitzBeat.mp3
    [2011/04/14 12:26:13 | 000,045,494 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110414_122612.reg
    [2011/04/14 09:21:41 | 000,008,782 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110414_092139.reg
    [2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
    [2011/04/11 13:06:30 | 074,465,036 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/04/09 13:36:17 | 000,114,422 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110409_133615.reg
    [2011/04/08 14:02:18 | 035,778,560 | ---- | C] () -- C:\Users\RaeJae\Desktop\Maschine 1.5 Beat.wav
    [2011/04/08 12:38:41 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
    [2011/04/08 10:40:23 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
    [2011/04/08 08:56:41 | 024,977,120 | ---- | C] () -- C:\Users\RaeJae\Desktop\Maschine Rough.wav
    [2011/04/06 16:13:29 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2011/04/02 14:44:37 | 000,002,830 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110402_154436.reg
    [2011/03/31 17:08:09 | 000,015,442 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110331_180806.reg
    [2011/03/31 09:17:20 | 000,001,257 | ---- | C] () -- C:\Users\RaeJae\Desktop\AVS4YOU Software Navigator.lnk
    [2011/03/31 09:17:10 | 000,001,201 | ---- | C] () -- C:\Users\RaeJae\Desktop\AVS Image Converter.lnk
    [2011/03/24 16:10:44 | 000,036,534 | ---- | C] () -- C:\Users\RaeJae\Desktop\Document 1.rns
    [2011/03/24 10:03:47 | 000,000,963 | ---- | C] () -- C:\Users\RaeJae\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/03/24 10:03:47 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2011/03/23 17:23:02 | 000,023,544 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110323_182300.reg
    [2011/03/23 12:38:58 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetComm Wireless Utility.lnk
    [2011/03/23 12:38:49 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
    [2011/02/17 23:22:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
    [2011/02/17 23:22:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
    [2011/01/18 14:25:24 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2010/12/20 16:24:25 | 002,600,164 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\TempMediaPlay.wav
    [2010/12/10 12:11:06 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
    [2010/12/01 09:14:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Hyperman.dll
    [2010/12/01 09:11:54 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Wavlbsys.dll
    [2010/11/30 14:04:41 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
    [2010/11/30 13:58:05 | 000,520,267 | ---- | C] () -- C:\Windows\System32\libmmd.dll
    [2010/11/30 13:23:51 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
    [2010/11/29 11:55:05 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
    [2010/10/15 10:48:13 | 000,000,000 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\prvlcl.dat
    [2010/08/25 03:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\privatedata.dll
    [2010/08/14 19:14:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/06/02 10:35:15 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
    [2010/06/02 10:35:09 | 001,362,460 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
    [2010/05/14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/05/14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2010/05/14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/05/14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/05/03 11:29:33 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
    [2010/05/03 11:27:48 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
    [2010/05/03 11:27:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
    [2010/02/25 20:31:40 | 000,005,632 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/02 01:09:05 | 000,212,992 | ---- | C] () -- C:\Windows\ALCHUNIN.EXE
    [2010/01/24 16:06:36 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2010/01/21 13:38:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/17 23:08:10 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2010/01/09 13:40:49 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
    [2010/01/08 12:31:11 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/01/05 12:08:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/01/04 01:21:38 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2010/01/04 01:13:49 | 000,185,856 | ---- | C] () -- C:\Windows\System32\Bmp2Jpeg.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 16:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 16:33:53 | 000,438,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 14:05:48 | 000,659,294 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 14:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 14:05:48 | 000,140,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 14:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 14:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 14:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 11:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 11:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/11 09:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/05/05 01:19:59 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
    [2009/05/05 01:19:59 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2007/04/18 22:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
    [2007/01/25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe

    ========== LOP Check ==========

    [2010/04/23 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Ashampoo Cover Studio 2
    [2010/06/06 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\ElementalsTheMagicKey
    [2010/09/24 18:50:26 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Friday's games
    [2010/05/04 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\funkitron
    [2010/05/04 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Jane s Hotel Family Hero
    [2010/02/09 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\WildTangent
    [2010/12/09 11:15:20 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\4Front
    [2010/06/02 09:13:21 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ableton
    [2011/03/23 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Acoustica
    [2010/01/17 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ambient Design
    [2010/06/01 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ancient Quest of Saqqarah__wildtan
    [2010/11/30 12:32:50 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Applied Acoustics Systems
    [2010/04/27 07:55:42 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ashampoo
    [2011/04/13 02:57:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ashampoo Cover Studio 2
    [2011/02/03 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\AVG10
    [2011/04/14 09:21:00 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\BitTorrent
    [2010/12/27 15:54:51 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Blue Cat Audio
    [2010/01/17 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Bump Technologies, Inc
    [2010/06/17 09:05:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/04/06 16:18:18 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Lite
    [2011/02/02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Pro
    [2010/12/03 09:05:50 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Deckadance16
    [2010/06/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Dexpot
    [2010/11/30 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FabFilter
    [2010/01/17 23:03:33 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Foxit
    [2010/03/30 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Foxit Software
    [2010/10/15 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FreeImageConverter
    [2010/04/22 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FreezeTag
    [2010/10/11 10:20:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FrostWire
    [2010/05/11 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\funkitron
    [2011/02/17 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FXpansion
    [2010/03/05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\GetRightToGo
    [2010/03/31 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\ImgBurn
    [2010/08/17 17:45:37 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\ImTOO
    [2010/02/03 11:10:03 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\IObit
    [2010/06/12 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\iShell
    [2010/12/10 13:07:11 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\iZotope
    [2010/06/27 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Leadertech
    [2010/01/20 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\MysteryStudio
    [2010/05/10 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\NCH Swift Sound
    [2011/04/01 01:55:23 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\PACE Anti-Piracy
    [2011/04/05 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\PreSonus
    [2011/02/02 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Propellerhead Software
    [2010/02/03 01:00:48 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Publish Providers
    [2010/01/20 17:28:41 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Recordpad
    [2010/11/11 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Smartelectronix
    [2010/12/20 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Sony
    [2010/02/23 12:10:19 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\SynthMaker
    [2010/05/07 12:39:07 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\SystemRequirementsLab
    [2010/11/02 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\TweakNow RegCleaner
    [2010/05/10 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2010/01/24 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Uniblue
    [2010/01/17 23:03:42 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Virtual City
    [2010/02/17 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\VitySoft
    [2010/12/06 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Waves Audio
    [2010/01/17 23:03:43 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\WildTangent
    [2010/01/17 23:03:43 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\WinBatch
    [2010/03/05 08:53:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Xilisoft Corporation
    [2011/03/04 21:48:30 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/14 13:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/01/18 19:41:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/04/21 15:31:52 | 000,026,243 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 09:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/15 13:31:44 | 000,001,370 | ---- | M] () -- C:\docuPrinter.log
    [2010/10/21 21:53:27 | 000,002,750 | ---- | M] () -- C:\FINIS_IT.TXT
    [2011/04/21 19:14:30 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/20 16:25:30 | 000,015,803 | ---- | M] () -- C:\INSTALL.LOG
    [2010/08/06 12:17:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/06 12:17:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/21 19:14:35 | 2136,137,728 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/05 01:44:16 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
    [2008/08/27 00:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar

    < %systemroot%\Fonts\*.com >
    [2009/07/14 16:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 16:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 16:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 16:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 09:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/06/22 17:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2009/07/14 13:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 13:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/04/19 05:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 16:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/04 02:44:15 | 000,000,221 | -HS- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/01/17 23:20:41 | 000,000,221 | -HS- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/01/05 10:35:14 | 000,000,201 | ---- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/20 14:16:38 | 000,301,568 | ---- | M] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
    [2011/04/20 11:58:22 | 035,225,928 | ---- | M] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
    [2011/04/21 15:12:43 | 004,325,691 | R--- | M] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
    [2011/04/20 14:18:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/21 13:48:10 | 000,080,384 | ---- | M] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
    [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
    [2011/04/21 16:15:08 | 056,189,640 | ---- | M] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
    [2011/04/20 14:15:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2007/01/25 02:52:26 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 09:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/14 21:36:52 | 000,000,402 | -HS- | M] () -- C:\Users\RaeJae\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1238 bytes -> C:\Users\RaeJae\AppData\Local\3KDlJfWHhxqk8US:o0XruD21dPH8RG99Zx2A
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 1057 bytes -> C:\Users\RaeJae\AppData\Local\mhpZyXByCHO9WP:Fu8w9uaQQLrCJXEJHIpdfbnC
    @Alternate Data Stream - 1033 bytes -> C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN

    < End of report >
     
  23. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    OTL Log Extras

    OTL Extras logfile created on: 21/04/2011 7:56:26 p.m. - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\RaeJae\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.36 Gb Total Space | 190.31 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
    Drive D: | 10.40 Gb Total Space | 1.46 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: RAEJAE-PC | User Name: RaeJae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{11F703F5-DCAF-49EC-8CD2-488F483E32B0}" = KORG USB-MIDI Driver Tools for Windows
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010 (Beta)
    "{20140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010 (Beta)
    "{20140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010 (Beta)
    "{20140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010 (Beta)
    "{20140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010 (Beta)
    "{20140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010 (Beta)
    "{20140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010 (Beta)
    "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010 (Beta)
    "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
    "{20140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010 (Beta)
    "{20140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010 (Beta)
    "{20F5F3A3-8BF3-68B2-7133-D8A43F69AC7D}" = TweetDeck
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236E0A03-6110-485E-B0F9-399215948BB7}" = M-Audio FastTrackPro Driver 6.0.2 (x86)
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
    "{33286B63-B749-4D54-AA04-5631319B168D}" = GEAR driver installer for x86 Win2K
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{348CE492-86E7-4594-9051-2F3DCE39463F}" = V-Station
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4EBE7270-A95A-4A03-82C0-41A6F38A4DB2}" = Native Instruments Maschine Factory Content 1.5
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6438691E-D44E-4A18-B6C4-D1EB26281D6A}" = Native Instruments Mikro Prism
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F099B88-FE9D-4287-BE5F-3ED2BD16223C}" = Native Instruments Maschine
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80D3F817-2D33-4643-B900-64AE2C0C4745}" = M-Audio Oxygen Driver 1.2.1 (x86)
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = NetComm NetComm 900n Series Wireless USB Adapter
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9FA2E0CF-64E8-3536-BA71-618A48D9AF55}" = Google Talk Plugin
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.50
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
    "{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D28571EC-82E4-414D-B09D-BBA1B5B3FE55}" = Native Instruments Maschine Factory Content
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
    "{D5D3F942-1061-4031-8032-D78728F9A920}" = Windows 7 Manager
    "{D77332DD-FA53-4E49-9F4B-3863B8D56196}" = KORG padKONTROL Editor Librarian
    "{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
    "{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1" = Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6
    "Abbeyroadplugins EMI RS 124 Compressor VST RTAS_is1" = Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0
    "Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1" = Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1
    "Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1" = Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1
    "Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
    "Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01
    "Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
    "Antares Microphone Modeler DX v1.32" = Antares Microphone Modeler DX v1.32
    "Antares Tube VST v1.02" = Antares Tube VST v1.02
    "AnVir Task Manager Free" = AnVir Task Manager Free
    "Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
    "Arturia CS-80V_is1" = Arturia CS-80V v1.6
    "Arturia minimoog V_is1" = Arturia minimoog V v1.6
    "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
    "Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.2.0
    "Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
    "Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.31
    "Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
    "Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
    "ASIO4ALL" = ASIO4ALL
    "Ask Toolbar_is1" = Foxit Toolbar
    "avast" = avast! Free Antivirus
    "AVS Image Converter_is1" = AVS Image Converter 1.3.3.146
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "BitTorrent" = BitTorrent
    "bx_shredspread Native_is1" = bx_shredspread Native 1.0.3
    "CCleaner" = CCleaner
    "Clean!" = Clean! v1.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DeClicker" = Steinberg DeClicker v1.21
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "eLicenser Control" = eLicenser Control
    "FL Studio 9" = FL Studio 9
    "Foxit Reader" = Foxit Reader
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.0" = Freecorder 4.0 Application
    "Game Booster_is1" = Game Booster
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IL Download Manager" = IL Download Manager
    "ImgBurn" = ImgBurn
    "impOSCar" = GForce - impOSCar
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Live 6.0.1" = Live 6.0.1
    "Live 8.1.3" = Live 8.1.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mastering Edition" = Steinberg Mastering Edition v1.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "Native Instruments Absynth 4" = Native Instruments Absynth 4
    "Native Instruments Battery 3" = Native Instruments Battery 3
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
    "Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
    "Native Instruments Kontakt 4" = Native Instruments Kontakt 4
    "Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
    "Native Instruments Kore Player" = Native Instruments Kore Player
    "Native Instruments Maschine" = Native Instruments Maschine
    "Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
    "Native Instruments Maschine Factory Content" = Native Instruments Maschine Factory Content
    "Native Instruments Maschine Factory Content 1.5" = Native Instruments Maschine Factory Content 1.5
    "Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
    "Native Instruments Mikro Prism" = Native Instruments Mikro Prism
    "Native Instruments Reaktor 5" = Native Instruments Reaktor 5
    "Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Traktor" = Native Instruments Traktor
    "Oddity" = GForce - Oddity
    "Oddity VST2" = GMediaMusic - Oddity VST2
    "Office14.SingleImage" = Microsoft Office Professionnel 2010
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "PhotoStage" = PhotoStage Slideshow Producer
    "PoiZone" = PoiZone
    "PreSonus Studio One" = PreSonus Studio One
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Prosoniq OrangeVocoder v1.4" = Prosoniq OrangeVocoder v1.4
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "RB MOLOTOF V11.0.0" = RB MOLOTOF V1
    "RealPlayer 12.0" = RealPlayer
    "Reason5_is1" = Reason 5.0
    "Rob Papen Albino 2" = Rob Papen Albino 2
    "Sakura" = Sakura
    "Sawer" = Sawer
    "SONiVOX 2.0 DVI Creamy Fuzz Guitar_is1" = SONiVOX DVI Creamy Fuzz Guitar
    "Stillwell Audio Plugins Bundle VST v1.52" = Stillwell Audio Plugins Bundle VST v1.52
    "Toxic Biohazard" = Toxic Biohazard
    "TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
    "TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
    "TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
    "TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
    "TruePianos_is1" = TruePianos 1.4.1
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "Universal Audio v4.4.0 Native" = Universal Audio v4.4.0 Native
    "VLC media player" = VLC media player 1.0.3
    "VST" = VST Compressor
    "WavePad" = WavePad Sound Editor
    "Waves Mercury Bundle" = Waves Mercury Bundle
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WT083427" = Elementals - The Magic Key
    "WT083777" = Murder She Wrote
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/10/2010 8:39:46 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 999

    Error - 2/10/2010 8:39:46 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 999

    Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3058

    Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3058

    Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4056

    Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4056

    Error - 2/10/2010 8:39:49 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2010 8:39:49 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5055

    [ System Events ]
    Error - 21/04/2011 12:07:35 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AvgLdx86 AvgMfx86 AvgTdiX

    Error - 21/04/2011 12:10:22 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 21/04/2011 3:06:39 a.m. | Computer Name = RaeJae-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:38:06 p.m. on ?21/?04/?2011 was
    unexpected.

    Error - 21/04/2011 3:06:39 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7000
    Description = The aswFsBlk service failed to start due to the following error: %%2

    Error - 21/04/2011 3:06:44 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058

    Error - 21/04/2011 3:06:49 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswRdr AvgLdx86 AvgMfx86 AvgTdiX

    Error - 21/04/2011 3:07:27 a.m. | Computer Name = RaeJae-PC | Source = bowser | ID = 8003
    Description =

    Error - 21/04/2011 3:15:13 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058

    Error - 21/04/2011 3:15:14 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AvgLdx86 AvgMfx86 AvgTdiX

    Error - 21/04/2011 3:18:04 a.m. | Computer Name = RaeJae-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
      [2011/04/11 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
      [2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2
      [2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
      [2011/02/03 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\AVG10
      [2010/01/24 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Uniblue
      @Alternate Data Stream - 1238 bytes -> C:\Users\RaeJae\AppData\Local\3KDlJfWHhxqk8US:o0XruD21dPH8RG99Zx2A
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 1057 bytes -> C:\Users\RaeJae\AppData\Local\mhpZyXByCHO9WP:Fu8w9uaQQLrCJXEJHIpdfbnC
      @Alternate Data Stream - 1033 bytes -> C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN
      
      :Files
      C:\Program Files\AskBarDis
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
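
The file and alternate-data-stream lines in the fix script above follow OTL's log layout; as an added example (not part of the thread and not OTL's own code), this Python sketch parses those two line types and marks entries for review. The reading of the fields (attribute flags R/H/S/D, C/M for created/modified, vendor in parentheses) and the two heuristics are assumptions; the sample lines are copied from the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the fix script quoted in the post above.
SAMPLE = r"""
[2011/04/11 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
[2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
@Alternate Data Stream - 1033 bytes -> C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN
"""

# [timestamp | size | attributes | C/M] (vendor) -- path   (vendor is absent for folders)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] (?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass
class Entry:
    kind: str                      # "file", "dir" or "ads"
    path: str                      # file/folder path, or the ADS host object
    size: int                      # bytes
    attrs: str = ""                # e.g. "-HS-"
    vendor: Optional[str] = None   # "" means the log showed empty parentheses
    stream: str = ""               # ADS name, if any
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for line types this sketch ignores."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        attrs = m["attrs"]
        return Entry(kind="dir" if "D" in attrs else "file", path=m["path"],
                     size=int(m["size"].replace(",", "")), attrs=attrs,
                     vendor=m["vendor"])
    m = ADS_RE.match(line)
    if m:
        host, _, stream = m["target"].rpartition(":")
        if len(host) <= 2:         # only the drive-letter colon: no stream name
            return None
        return Entry(kind="ads", path=host, size=int(m["size"]), stream=stream)
    return None


def triage(text: str) -> List[Entry]:
    """Parse every recognised line and attach review reasons (assumed heuristics).

    A reason marks an entry for an analyst to look at; it is not a verdict.
    """
    entries = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if (entry.kind == "file" and "H" in entry.attrs
                and "S" in entry.attrs and not entry.vendor):
            entry.reasons.append("hidden+system file with no vendor string")
        if entry.kind == "ads":
            entry.reasons.append(
                f"{entry.size}-byte alternate data stream '{entry.stream}'")
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{'REVIEW' if e.reasons else 'ok':6} {e.kind:4} {e.path} {e.reasons}")
```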
     
  25. JBEEZY

    JBEEZY TS Rookie Topic Starter Posts: 67

    I am about to run the OTL Scan again but Avast has recommended that it be opened in a sandbox. Shall I do this?
     
Topic Status:
Not open for further replies.
