Solved Help me please? My desktop has virus Win32:Bamital-AQ

JBEEZY

Hi everybody.

I'm new here so I apologise if I come across like a lost sheep.

Last night my computer started showing all these adverts for Win 7 removal tool and that I had to purchase it in order to get my system back up and running.

I googled and found out it was a virus but now when Avast runs a boot scan it says I have been infected with another virus called Win32:Bamital-AQ?

Can someone help me please, as I am clueless as to where to go, what to do and if I can save my files on my PC? Don't mean to sound desperate but I am.... Thanks
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for your help.

I just wanna apologize beforehand, I am completely hopeless when it comes to computer talk/programs/jargon etc. so please bear with me as I appreciate your help!

I am on the household laptop but my PC is the one with the infection so I will follow your instructions and hopefully we get there.

Thanks
 
Another question.. Sorry if I'm sounding dumb, but how do I post up the scan results here from my infected computer without this one becoming infected?
 
Okay so I followed the steps....This is the Malware Log Report

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6402

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/04/2011 6:32:39 p.m.
mbam-log-2011-04-20 (18-32-39).txt

Scan type: Quick scan
Objects scanned: 206152
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\Users\RaeJae\AppData\Local\exe.exe (Trojan.FakeAlert) -> 3168 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03E02289-B9F4-4BB4-B93B-5332A1A1B908} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\RaeJae\AppData\Local\exe.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\RaeJae\AppData\Local\exe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\RaeJae\local settings\application data\exe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\RaeJae\local settings\application data\lcp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{8c3fdd81-7ae0-4605-a46a-2488b179f2a3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Not sure if this is what it's supposed to look like but this is the GMER Log Report.

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-20 20:32:49
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502IJ rev.1AA01117
Running: 1gdrr692.exe; Driver: C:\Users\RaeJae\AppData\Local\Temp\kxdiqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
This is the DDR Log Report.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by RaeJae at 20:35:59.43 on Wed 20/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.2037.1122 [GMT 12:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\NetComm\Common\RaUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\RaeJae\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
uSearch Page =
uStart Page = hxxp://www.google.co.nz/
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\raejae\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netcom~1.lnk - c:\program files\netcomm\common\RaUI.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Envoyer à OneNote - /105
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-nz.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\search settings\ff\components\SearchSettingsFF.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\components\sehLibGlue_stub.dll
FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\raejae\appdata\roaming\mozilla\firefox\profiles\5w8gsb98.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\raejae\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\raejae\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\raejae\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272]
R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\m-audio\oxygen\AudioDevMon.exe [2010-3-4 1632776]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2007-3-29 21984]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 158600]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-3-23 724992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-5 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [2010-3-4 112136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]
.
=============== Created Last 30 ================
.
2011-04-20 06:23:45 -------- d-----w- c:\users\raejae\appdata\roaming\Malwarebytes
2011-04-20 06:23:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 06:23:27 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-20 06:23:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 06:23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 01:39:20 -------- d-----w- c:\users\raejae\appdata\local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
2011-04-19 06:45:46 159080 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10138.bin
2011-04-19 05:03:50 -------- d-----w- c:\users\raejae\appdata\local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
2011-04-19 04:40:17 -------- d-----w- c:\users\raejae\appdata\local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
2011-04-16 01:18:39 -------- d-----w- c:\users\raejae\appdata\local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
2011-04-15 03:33:56 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 03:33:56 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 03:33:55 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 03:33:54 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 03:33:53 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 03:33:53 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 03:33:53 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 03:33:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 03:33:53 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 03:33:53 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 03:21:28 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-14 03:20:23 -------- d-----w- c:\users\raejae\appdata\local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
2011-04-14 00:58:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 00:24:28 -------- d-----w- c:\users\raejae\appdata\local\Conduit
2011-04-14 00:12:57 -------- d-----w- c:\users\raejae\appdata\local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
2011-04-13 21:22:53 -------- d-----w- c:\program files\AVAST Software
2011-04-13 21:22:53 -------- d-----w- c:\progra~2\AVAST Software
2011-04-13 21:22:36 -------- d-----w- c:\progra~2\PC Tools
2011-04-13 21:02:12 200704 --sha-r- c:\windows\system32\LAPRXYQ.dll
2011-04-11 21:54:47 -------- d-----w- c:\users\raejae\appdata\local\{04323764-5268-48E8-86F3-62D7DC592526}
2011-04-11 07:38:30 -------- d-----w- c:\users\raejae\appdata\local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
2011-04-11 01:01:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-11 01:01:54 -------- d-----w- c:\progra~2\AVG10
2011-04-11 01:00:45 -------- d-----w- c:\program files\AVG
2011-04-10 07:37:24 -------- d-----w- c:\users\raejae\appdata\local\{1E3AC23E-0819-4446-944C-358872EC34D2}
2011-04-08 08:59:02 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a978259a-16ed-4949-b814-d8db3b67fcb0}\mpengine.dll
2011-04-08 00:56:11 -------- d-----w- c:\users\raejae\appdata\local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
2011-04-08 00:39:00 -------- dc-h--w- c:\progra~2\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
2011-04-08 00:38:42 -------- dc-h--w- c:\progra~2\{20EFD19B-675C-417B-A498-B0161D72FF88}
2011-04-08 00:36:29 -------- dc-h--w- c:\progra~2\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
2011-04-08 00:16:46 -------- dc-h--w- c:\progra~2\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
2011-04-08 00:02:31 -------- dc-h--w- c:\progra~2\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
2011-04-07 23:48:38 -------- dc-h--w- c:\progra~2\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
2011-04-07 22:40:23 -------- dc-h--w- c:\progra~2\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2011-04-06 21:00:25 -------- d-----w- c:\users\raejae\appdata\local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
2011-04-06 07:13:52 -------- dc-h--w- c:\progra~2\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
2011-04-06 04:13:35 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-06 04:13:28 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-06 04:13:00 -------- d-----w- c:\users\raejae\appdata\roaming\DAEMON Tools Lite
2011-04-06 04:13:00 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2011-04-06 01:05:32 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2011-04-03 22:54:46 -------- d-----w- c:\users\raejae\appdata\local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
2011-04-03 06:49:06 -------- d-----w- c:\users\raejae\appdata\local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
2011-04-02 11:54:57 -------- d-----w- c:\users\raejae\appdata\local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
2011-04-01 23:50:47 -------- d-----w- c:\users\raejae\appdata\local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
2011-03-31 12:39:42 -------- d-----w- c:\users\raejae\appdata\local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
2011-03-30 21:17:26 -------- d-----w- c:\progra~2\AVS4YOU
2011-03-30 21:17:25 -------- d-----w- c:\users\raejae\appdata\roaming\AVS4YOU
2011-03-30 21:17:07 -------- d-----w- c:\program files\common files\AVSMedia
2011-03-30 21:17:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-03-30 21:17:06 -------- d-----w- c:\program files\AVS4YOU
2011-03-30 20:43:07 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-03-30 20:37:53 -------- d-----w- c:\users\raejae\appdata\local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
2011-03-29 19:35:19 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-29 19:35:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-29 19:35:19 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-29 04:27:13 -------- dc-h--w- c:\progra~2\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
2011-03-23 22:03:46 -------- d-----w- c:\program files\BitTorrent
2011-03-23 22:03:06 -------- d-----w- c:\users\raejae\appdata\roaming\BitTorrent
2011-03-23 20:09:22 -------- d-----w- c:\progra~2\Arturia
2011-03-23 03:07:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-23 03:04:17 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-23 03:04:17 -------- d-----w- c:\users\raejae\appdata\roaming\Acoustica
2011-03-23 03:03:37 -------- d-----w- c:\progra~2\Acoustica
2011-03-23 00:39:02 -------- d-----w- c:\progra~2\Ralink
2011-03-23 00:38:58 1597440 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-03-23 00:38:49 724992 ----a-w- c:\windows\system32\drivers\netr28u.sys
2011-03-23 00:38:49 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-03-23 00:38:49 -------- d-----w- c:\progra~2\NetComm Driver
2011-03-23 00:38:34 -------- d-----w- c:\program files\Cisco
2011-03-23 00:38:20 97280 ----a-w- c:\windows\system32\RAEXTUI.dll
2011-03-23 00:38:20 766464 ----a-w- c:\windows\system32\RAIHV.dll
2011-03-23 00:38:20 1048576 ----a-w- c:\windows\system32\CiscoEapFast.dll
2011-03-23 00:38:19 -------- d-----w- c:\program files\NetComm
2011-03-22 02:42:18 -------- d-----w- c:\program files\ConvertHelper
2011-03-21 22:49:58 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-21 22:49:58 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-21 22:49:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-21 22:49:58 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-21 22:49:11 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-21 22:49:11 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-03-07 09:51:11 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 11:22:04 69632 ----a-w- c:\windows\system32\FxShared.dll
2011-02-17 11:22:04 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2011-02-02 10:46:57 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-02 05:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2007-01-24 14:52:26 65536 ----a-w- c:\program files\common files\NMSAccessU.exe
.
============= FINISH: 20:37:01.58 ===============
 
And this is the DDR Attachment Log Report.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/01/2010 12:19:44 a.m.
System Uptime: 20/04/2011 8:27:25 p.m. (0 hours ago)
.
Motherboard: MSI | | Boston
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2800/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 190.571 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.462 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG Free AVI Loader Driver x86
Device ID: ROOT\LEGACY_AVGLDX86\0000
Manufacturer:
Name: AVG Free AVI Loader Driver x86
PNP Device ID: ROOT\LEGACY_AVGLDX86\0000
Service: AvgLdx86
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG Free8 Network Redirector
Device ID: ROOT\LEGACY_AVGTDIX\0000
Manufacturer:
Name: AVG Free8 Network Redirector
PNP Device ID: ROOT\LEGACY_AVGTDIX\0000
Service: AvgTdiX
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
1100 DX
2007 Microsoft Office system
AAC Decoder
Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0
Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1
Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Analog Factory HipHop 2.2.1
Antares Autotune VST RTAS TDM v5.08
Antares Filter VST DX v1.01
Antares Harmony Engine VST RTAS v1.0
Antares Microphone Modeler DX v1.32
Antares Tube VST v1.02
AnVir Task Manager Free
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arturia Arp2600 V v1.0
Arturia CS-80V v1.6
Arturia minimoog V v1.6
Ashampoo Burning Studio 2010
Ashampoo Cover Studio 2.2.0
Ashampoo Internet Accelerator 3.20
Ashampoo Magical Snap 2.31
Ashampoo Music Studio 2009
Ashampoo Slideshow Studio 2010
ASIO4ALL
AutoUpdate
avast! Antivirus
AVS Image Converter 1.3.3.146
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bass Station 1.50
BitTorrent
Bonjour
bx_shredspread Native 1.0.3
CameraHelperMsi
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clean! v1.0
Compatibility Pack for the 2007 Office system
Conduit Engine
ConvertHelper 2.2
CyberLink DVD Suite Deluxe
D3DX10
DAEMON Tools Lite
Digidesign Shared Plug-Ins 7.4
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Download Accelerator Plus (DAP)
Elementals - The Magic Key
eLicenser Control
Enhanced Multimedia Keyboard Solution
erLT
FL Studio 9
FlashFXP v3
Focusrite Scarlett Plug-in Suite 1.1
Foxit Reader
Foxit Toolbar
Freecorder 4.0 Application
Freecorder Toolbar
Game Booster
GEAR driver installer for x86 Win2K
GForce - impOSCar
GForce - Oddity
GMediaMusic - Oddity VST2
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hardware Diagnostic Tools
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
IL Download Manager
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Interlok driver setup x32
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
KORG padKONTROL Editor Librarian
KORG USB-MIDI Driver Tools for Windows
LabelPrint
LightScribe System Software
Live 6.0.1
Live 8.1.3
Logitech Vid
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
M-Audio FastTrackPro Driver 6.0.2 (x86)
M-Audio Oxygen Driver 1.2.1 (x86)
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2010 (Beta)
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (French) 2010 (Beta)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2010 (Beta)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Professionnel 2010
Microsoft Office Proof (Arabic) 2010 (Beta)
Microsoft Office Proof (Dutch) 2010 (Beta)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (German) 2010 (Beta)
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2010 (Beta)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2010 (Beta)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2010 (Beta)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MixMeister BPM Analyzer 1.0
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.6.3)
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Murder She Wrote
Native Instruments Absynth 4
Native Instruments Battery 3
Native Instruments Controller Editor
Native Instruments FM8
Native Instruments Guitar Rig 4
Native Instruments Hardware Controller Support
Native Instruments Komplete 7 Players
Native Instruments Kontakt 4
Native Instruments Kontakt Factory Selection
Native Instruments Kore Player
Native Instruments Maschine
Native Instruments Maschine Controller Driver
Native Instruments Maschine Driver
Native Instruments Maschine Factory Content
Native Instruments Maschine Factory Content 1.5
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Mikro Prism
Native Instruments Reaktor 5
Native Instruments Reaktor Factory Selection
Native Instruments Service Center
Native Instruments Traktor
Natural Color Pro
NetComm NetComm 900n Series Wireless USB Adapter
Norton Internet Security
Numedia CD-DVD writing as non-admin user
NVIDIA PhysX v8.10.29
OGA Notifier 2.0.0048.0
PhotoStage Slideshow Producer
PoiZone
Power2Go
PowerDirector
PreSonus Studio One
Prosoniq OrangeVocoder v1.4
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
RB MOLOTOF V1
RD 2.12
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Reason 5.0
Rob Papen Albino 2
Sakura
Sawer
Search Settings v1.2.3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
SONiVOX DVI Creamy Fuzz Guitar
Spybot - Search & Destroy
Steinberg DeClicker v1.21
Steinberg Mastering Edition v1.0
Stillwell Audio Plugins Bundle VST v1.52
System Requirements Lab
T-RackS 3 Deluxe
Toxic Biohazard
TruePianos 1.4.1
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
TweetDeck
Universal Audio v4.4.0 Native
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
V-Station
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.3
VST Compressor
WavePad Sound Editor
Waves Mercury Bundle
Windows 7 Manager
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xilisoft Video Converter Ultimate
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
20/04/2011 9:52:05 a.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2011 9:41:47 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
20/04/2011 9:41:47 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
20/04/2011 9:00:26 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
20/04/2011 9:00:25 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/04/2011 9:00:25 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/04/2011 9:00:23 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/04/2011 9:00:17 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/04/2011 8:59:52 a.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\RAIHV.dll Error Code: 21
20/04/2011 8:59:35 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX discache spldr Wanarpv6
20/04/2011 8:27:48 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX
20/04/2011 8:27:46 p.m., Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/04/2011 6:47:20 p.m., Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {22CB7E43-046D-4AFF-8757-FD6EA2FE124B}. The error: "740" Happened while starting this command: "C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries32\SeHExeComServer.exe" -Embedding
20/04/2011 6:20:43 p.m., Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
20/04/2011 2:10:27 a.m., Error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
20/04/2011 1:41:06 p.m., Error: Service Control Manager [7022] - The Windows Search service hung on starting.
19/04/2011 11:39:15 p.m., Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
19/04/2011 11:39:15 p.m., Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
19/04/2011 11:39:15 p.m., Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.
19/04/2011 11:39:15 p.m., Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
19/04/2011 11:33:21 p.m., Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
19/04/2011 11:15:29 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
18/04/2011 9:41:48 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
15/04/2011 11:32:24 a.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
14/04/2011 9:26:18 a.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
14/04/2011 9:22:56 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
14/04/2011 8:45:46 a.m., Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {22CB7E43-046D-4AFF-8757-FD6EA2FE124B}. The error: "5" Happened while starting this command: "C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries32\SeHExeComServer.exe" -Embedding
14/04/2011 5:19:07 p.m., Error: bowser [8003] - The master browser has received a server announcement from the computer BROOKS-WHANAU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D424BA8E-E2D7-4D2D-A630-6039. The master browser is stopping or an election is being forced.
14/04/2011 4:02:09 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
14/04/2011 3:21:46 p.m., Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/04/2011 3:21:46 p.m., Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/04/2011 3:21:45 p.m., Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/04/2011 3:21:45 p.m., Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
You did fine :)

Is your bad computer internet connection working?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks.

I tried connecting to the Internet and yes it is working now. This is the MBRCheck Log report.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Compaq-Presario
System Product Name: NS893AA-ABG CQ3040AN
Logical Drives Mask: 0x000000bc

Kernel Drivers (total 186):
0x83856000 \SystemRoot\system32\ntkrnlpa.exe
0x8381F000 \SystemRoot\system32\halmacpi.dll
0x80BAD000 \SystemRoot\system32\kdcom.dll
0x83E1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83E93000 \SystemRoot\system32\PSHED.dll
0x83EA4000 \SystemRoot\system32\BOOTVID.dll
0x83EAC000 \SystemRoot\system32\CLFS.SYS
0x83EEE000 \SystemRoot\system32\CI.dll
0x89438000 \SystemRoot\system32\drivers\Wdf01000.sys
0x894A9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x894B7000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x894FF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89508000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89510000 \SystemRoot\system32\DRIVERS\pci.sys
0x8953A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x89545000 \SystemRoot\System32\drivers\partmgr.sys
0x89556000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x89566000 \SystemRoot\System32\drivers\volmgrx.sys
0x895B1000 \SystemRoot\system32\DRIVERS\intelide.sys
0x895B8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x895C6000 \SystemRoot\System32\drivers\mountmgr.sys
0x895DC000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89400000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89423000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83F99000 \SystemRoot\system32\drivers\fltmgr.sys
0x895E5000 \SystemRoot\system32\drivers\fileinfo.sys
0x83FCD000 \SystemRoot\System32\Drivers\TPkd.sys
0x89620000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8974F000 \SystemRoot\System32\Drivers\msrpc.sys
0x8977A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8978D000 \SystemRoot\System32\Drivers\cng.sys
0x897EA000 \SystemRoot\System32\drivers\pcw.sys
0x89600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89827000 \SystemRoot\system32\drivers\ndis.sys
0x898DE000 \SystemRoot\system32\drivers\NETIO.SYS
0x8991C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89A29000 \SystemRoot\System32\drivers\tcpip.sys
0x89B72000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89BA3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x89BE2000 \SystemRoot\System32\Drivers\spldr.sys
0x89941000 \SystemRoot\System32\drivers\rdyboost.sys
0x89BEA000 \SystemRoot\System32\Drivers\mup.sys
0x89A00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8996E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89A08000 \SystemRoot\system32\DRIVERS\disk.sys
0x899A0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89800000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8981F000 \SystemRoot\System32\Drivers\Null.SYS
0x899EA000 \SystemRoot\System32\Drivers\Beep.SYS
0x89BFA000 \SystemRoot\system32\drivers\MTictwl.sys
0x899F1000 \SystemRoot\System32\drivers\vga.sys
0x8E82F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E850000 \SystemRoot\System32\drivers\watchdog.sys
0x8E85D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E865000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E86D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8E875000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E880000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E88E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E8A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E8B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E8E2000 \SystemRoot\system32\drivers\afd.sys
0x8E93C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E943000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E962000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E970000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E983000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E993000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E9D4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E9DE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E9E8000 \SystemRoot\System32\drivers\discache.sys
0x8E800000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E818000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EC38000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EC59000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EE19000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F322000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EC6B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8F3D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8ECA4000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8ECC9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ED14000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8ED23000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EE0B000 \SystemRoot\system32\DRIVERS\PS2.sys
0x8ED3B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EE10000 \SystemRoot\system32\drivers\pfc.sys
0x8ED48000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8ED52000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8ED5F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8ED71000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ED89000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ED94000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EDB6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EDCE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EDE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EE13000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F63E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F672000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F680000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F6C4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97821000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97ABE000 \SystemRoot\system32\drivers\portcls.sys
0x97AED000 \SystemRoot\system32\drivers\drmk.sys
0x97B2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x81E60000 \SystemRoot\System32\win32k.sys
0x97B2E000 \SystemRoot\System32\drivers\Dxapi.sys
0x97B38000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x97800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x97BF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8F6D5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F6E0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97817000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97BFB000 \SystemRoot\System32\Drivers\KORGUMDS.SYS
0x8F6F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x820C0000 \SystemRoot\System32\TSDDD.dll
0x8F6FE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F70B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F716000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8F71F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x820F0000 \SystemRoot\System32\cdd.dll
0x82110000 \SystemRoot\System32\ATMFD.DLL
0x8F730000 \SystemRoot\system32\drivers\luafv.sys
0x8F74B000 \SystemRoot\system32\drivers\WudfPf.sys
0x8F765000 \SystemRoot\system32\DRIVERS\fssfltr.sys
0x8F770000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F780000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F7C6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F7D6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8F600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94C16000 \SystemRoot\system32\drivers\HTTP.sys
0x94C9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x94CB4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x94CC6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x94CE9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x94D24000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x94D57000 \SystemRoot\system32\drivers\peauth.sys
0x94DEE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8EC0D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x94C00000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9A005000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A054000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A0A6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9A0C7000 \??\C:\Users\RaeJae\AppData\Local\Temp\kxdiqpow.sys
0x9A14A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9A153000 \??\C:\Users\RaeJae\AppData\Local\Temp\mbr.sys
0x77B60000 \Windows\System32\ntdll.dll
0x47BF0000 \Windows\System32\smss.exe
0x77DA0000 \Windows\System32\apisetschema.dll
0x00210000 \Windows\System32\autochk.exe
0x77D60000 \Windows\System32\imagehlp.dll
0x779C0000 \Windows\System32\setupapi.dll
0x77D50000 \Windows\System32\normaliz.dll
0x76D70000 \Windows\System32\shell32.dll
0x77D40000 \Windows\System32\nsi.dll
0x76CA0000 \Windows\System32\user32.dll
0x77D30000 \Windows\System32\psapi.dll
0x76C00000 \Windows\System32\advapi32.dll
0x76B30000 \Windows\System32\msctf.dll
0x77CD0000 \Windows\System32\shlwapi.dll
0x76A90000 \Windows\System32\usp10.dll
0x76930000 \Windows\System32\ole32.dll
0x76880000 \Windows\System32\rpcrt4.dll
0x77CB0000 \Windows\System32\imm32.dll
0x76800000 \Windows\System32\comdlg32.dll
0x76720000 \Windows\System32\kernel32.dll
0x766D0000 \Windows\System32\Wldap32.dll
0x764D0000 \Windows\System32\iertutil.dll
0x76440000 \Windows\System32\clbcatq.dll
0x76420000 \Windows\System32\sechost.dll
0x76320000 \Windows\System32\wininet.dll
0x761E0000 \Windows\System32\urlmon.dll
0x76130000 \Windows\System32\msvcrt.dll
0x77CA0000 \Windows\System32\lpk.dll
0x760D0000 \Windows\System32\difxapi.dll
0x76090000 \Windows\System32\ws2_32.dll
0x76000000 \Windows\System32\oleaut32.dll
0x75FB0000 \Windows\System32\gdi32.dll
0x75F60000 \Windows\System32\KernelBase.dll
0x75F30000 \Windows\System32\wintrust.dll
0x75F00000 \Windows\System32\cfgmgr32.dll
0x75DE0000 \Windows\System32\crypt32.dll
0x75D50000 \Windows\System32\comctl32.dll
0x75D30000 \Windows\System32\devobj.dll
0x75D20000 \Windows\System32\msasn1.dll

Processes (total 73):
0 System Idle Process
4 System
244 C:\Windows\System32\smss.exe
368 csrss.exe
420 C:\Windows\System32\wininit.exe
432 csrss.exe
500 C:\Windows\System32\winlogon.exe
540 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\wlanext.exe
1300 C:\Windows\System32\conhost.exe
1416 C:\Windows\System32\taskeng.exe
1424 C:\Windows\System32\spoolsv.exe
1460 C:\Windows\System32\rundll32.exe
1496 C:\Windows\System32\svchost.exe
1596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1632 C:\Program Files\Application Updater\ApplicationUpdater.exe
1652 C:\Program Files\Bonjour\mDNSResponder.exe
1684 C:\Windows\System32\svchost.exe
1736 C:\Program Files\Windows Live\Family Safety\fsssvc.exe
1832 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1860 C:\Program Files\Common Files\NMSAccessU.exe
1920 C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
2044 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
376 C:\Windows\System32\svchost.exe
692 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1304 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2284 WUDFHost.exe
3140 C:\Windows\System32\taskhost.exe
3208 C:\Windows\System32\taskeng.exe
3216 C:\Windows\System32\dwm.exe
3392 C:\Windows\explorer.exe
2524 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2532 C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2540 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2604 C:\Windows\System32\hkcmd.exe
2620 C:\Windows\System32\igfxpers.exe
2632 C:\Program Files\Freecorder\FLVSrvc.exe
2692 C:\Windows\System32\igfxsrvc.exe
2700 C:\Program Files\Windows Live\Family Safety\fsui.exe
2720 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2780 C:\Windows\System32\M-AudioTaskBarIcon.exe
2804 C:\Program Files\iTunes\iTunesHelper.exe
2836 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
2888 C:\Program Files\AnVir Task Manager Free\AnVir.exe
2904 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2964 C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
2976 C:\Program Files\NetComm\Common\RaUI.exe
3120 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
3356 C:\Windows\System32\SearchIndexer.exe
2616 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
3092 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
3060 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2184 C:\Program Files\iPod\bin\iPodService.exe
3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
660 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1204 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1452 C:\Program Files\Hewlett-Packard\KBD\kbd.exe
2240 C:\Windows\System32\svchost.exe
2448 dllhost.exe
6088 C:\Windows\System32\SearchProtocolHost.exe
4240 C:\Windows\System32\SearchFilterHost.exe
4608 C:\Users\RaeJae\Desktop\MBRCheck.exe
5920 C:\Windows\System32\conhost.exe
1784 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`d6bac000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01117

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
I ran ComboFix and it did its thing, then it rebooted the computer, then it showed back up in a Blue Box saying 'Preparing Log Report. Do not run any programs until ComboFix has finished.'

But as that was happening, the programs that usually boot up on startup did (CCleaner, Daemon Tools, Spybot).

This is the report, but I hope it's correct and I haven't stuffed it up again :/

ComboFix 11-04-20.03 - RaeJae 21/04/2011 15:15:49.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.2037.1236 [GMT 12:00]
Running from: c:\users\RaeJae\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\searchsettings@spigot.com
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
C:\UNWISE.EXE
c:\virtualdjportable\VirtualDJPortable.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 03:22 . 2011-04-21 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 03:22 . 2011-04-21 03:22 -------- d-----w- c:\users\ChaKotAshWai\AppData\Local\temp
2011-04-20 23:27 . 2011-04-20 23:27 -------- d-----w- c:\users\RaeJae\AppData\Local\{5EC40114-D36E-48D6-97F7-C94AA36076D4}
2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\users\RaeJae\AppData\Roaming\Malwarebytes
2011-04-20 06:23 . 2010-12-20 06:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\programdata\Malwarebytes
2011-04-20 06:23 . 2011-04-20 06:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 06:23 . 2010-12-20 06:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 01:39 . 2011-04-20 01:39 -------- d-----w- c:\users\RaeJae\AppData\Local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
2011-04-19 06:45 . 2011-04-19 06:45 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-19 05:03 . 2011-04-19 05:04 -------- d-----w- c:\users\RaeJae\AppData\Local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
2011-04-19 04:40 . 2011-04-19 04:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
2011-04-16 01:18 . 2011-04-18 02:31 -------- d-----w- c:\users\RaeJae\AppData\Local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
2011-04-15 03:33 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 03:33 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 03:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 03:33 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 03:33 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 03:33 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 03:33 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 03:33 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 03:33 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 03:33 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 03:21 . 2009-11-25 00:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-14 03:21 . 2009-11-25 00:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-14 03:21 . 2009-11-25 00:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-04-14 03:21 . 2009-11-25 00:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-14 03:21 . 2009-11-25 00:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 03:21 . 2009-11-25 00:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-14 03:21 . 2009-11-25 00:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-14 03:21 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-04-14 03:20 . 2011-04-15 03:21 -------- d-----w- c:\users\RaeJae\AppData\Local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
2011-04-14 00:58 . 2011-04-14 00:58 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 00:58 . 2010-09-14 16:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 00:24 . 2011-04-14 00:24 -------- d-----w- c:\users\RaeJae\AppData\Local\Conduit
2011-04-14 00:12 . 2011-04-14 00:12 -------- d-----w- c:\users\RaeJae\AppData\Local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
2011-04-13 21:22 . 2011-04-14 00:14 -------- d-----w- c:\programdata\AVAST Software
2011-04-13 21:22 . 2011-04-13 21:22 -------- d-----w- c:\program files\AVAST Software
2011-04-13 21:22 . 2011-04-13 21:15 -------- d-----w- c:\programdata\PC Tools
2011-04-13 21:02 . 2011-04-13 21:02 200704 --sha-r- c:\windows\system32\LAPRXYQ.dll
2011-04-11 21:54 . 2011-04-13 09:57 -------- d-----w- c:\users\RaeJae\AppData\Local\{04323764-5268-48E8-86F3-62D7DC592526}
2011-04-11 07:38 . 2011-04-11 07:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
2011-04-11 01:01 . 2011-04-13 21:26 -------- d-----w- c:\programdata\AVG10
2011-04-11 01:01 . 2011-04-11 01:06 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-11 01:00 . 2011-04-11 01:00 -------- d-----w- c:\program files\AVG
2011-04-10 07:37 . 2011-04-10 19:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{1E3AC23E-0819-4446-944C-358872EC34D2}
2011-04-08 08:59 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A978259A-16ED-4949-B814-D8DB3B67FCB0}\mpengine.dll
2011-04-08 00:56 . 2011-04-09 12:57 -------- d-----w- c:\users\RaeJae\AppData\Local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
2011-04-08 00:39 . 2011-04-08 00:39 -------- dc-h--w- c:\programdata\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
2011-04-08 00:38 . 2011-04-08 00:38 -------- dc-h--w- c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88}
2011-04-08 00:36 . 2011-04-08 00:36 -------- dc-h--w- c:\programdata\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
2011-04-08 00:16 . 2011-04-08 00:16 -------- dc-h--w- c:\programdata\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
2011-04-08 00:02 . 2011-04-08 00:02 -------- dc-h--w- c:\programdata\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
2011-04-07 23:48 . 2011-04-07 23:48 -------- dc-h--w- c:\programdata\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
2011-04-07 22:40 . 2011-04-07 22:40 -------- dc-h--w- c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2011-04-06 21:00 . 2011-04-07 12:55 -------- d-----w- c:\users\RaeJae\AppData\Local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
2011-04-06 07:13 . 2011-04-06 07:13 -------- dc-h--w- c:\programdata\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
2011-04-06 04:13 . 2011-04-06 04:13 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-06 04:13 . 2011-04-06 04:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-06 04:13 . 2011-04-10 00:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-04-06 04:13 . 2011-04-06 04:18 -------- d-----w- c:\users\RaeJae\AppData\Roaming\DAEMON Tools Lite
2011-04-06 01:05 . 2009-10-24 09:15 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2011-04-03 22:54 . 2011-04-06 00:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
2011-04-03 06:49 . 2011-04-03 06:49 -------- d-----w- c:\users\RaeJae\AppData\Local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
2011-04-02 11:54 . 2011-04-02 11:55 -------- d-----w- c:\users\RaeJae\AppData\Local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
2011-04-01 23:50 . 2011-04-01 23:54 -------- d-----w- c:\users\RaeJae\AppData\Local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
2011-03-31 12:39 . 2011-04-01 00:40 -------- d-----w- c:\users\RaeJae\AppData\Local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\programdata\AVS4YOU
2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\users\RaeJae\AppData\Roaming\AVS4YOU
2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-03-30 21:17 . 2011-03-30 21:17 -------- d-----w- c:\program files\AVS4YOU
2011-03-30 21:17 . 2011-01-10 22:53 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-03-30 20:43 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-03-30 20:37 . 2011-03-30 20:38 -------- d-----w- c:\users\RaeJae\AppData\Local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
2011-03-29 19:35 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-29 19:35 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-29 19:35 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-29 04:27 . 2011-04-06 07:27 -------- dc-h--w- c:\programdata\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
2011-03-23 22:03 . 2011-04-06 20:58 -------- d-----w- c:\program files\BitTorrent
2011-03-23 22:03 . 2011-04-13 21:21 -------- d-----w- c:\users\RaeJae\AppData\Roaming\BitTorrent
2011-03-23 20:09 . 2011-03-23 20:09 -------- d-----w- c:\programdata\Arturia
2011-03-23 03:07 . 2009-12-14 02:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-23 03:04 . 2011-03-23 03:04 -------- d-----w- c:\users\RaeJae\AppData\Roaming\Acoustica
2011-03-23 03:04 . 2009-12-14 03:25 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-23 03:03 . 2011-03-23 03:03 -------- d-----w- c:\programdata\Acoustica
2011-03-23 00:39 . 2011-03-23 00:39 -------- d-----w- c:\programdata\Ralink
2011-03-23 00:38 . 2008-09-08 22:12 1597440 ----a-w- c:\windows\system32\RaCertMgr.dll
2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\programdata\NetComm Driver
2011-03-23 00:38 . 2009-04-28 05:23 724992 ----a-w- c:\windows\system32\drivers\netr28u.sys
2011-03-23 00:38 . 2009-04-28 04:50 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\program files\Cisco
2011-03-23 00:38 . 2008-12-03 03:03 97280 ----a-w- c:\windows\system32\RAEXTUI.dll
2011-03-23 00:38 . 2008-12-03 03:01 766464 ----a-w- c:\windows\system32\RAIHV.dll
2011-03-23 00:38 . 2008-07-08 19:03 1048576 ----a-w- c:\windows\system32\CiscoEapFast.dll
2011-03-23 00:38 . 2011-03-23 00:38 -------- d-----w- c:\program files\NetComm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 22:40 . 2010-06-23 22:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 09:51 . 2011-03-07 09:51 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-17 11:22 . 2011-02-17 11:22 69632 ----a-w- c:\windows\system32\FxShared.dll
2011-02-17 11:22 . 2011-02-17 11:22 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2011-02-03 05:45 . 2011-02-27 20:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 10:46 . 2011-02-02 10:46 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-02 05:11 . 2010-01-03 08:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2007-01-24 14:52 . 2007-01-24 14:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-17 23:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 02:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-17 333192]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-17 333192]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2009-03-09 1563360]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-01 2228536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-03 75016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-14 150552]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-1-9 49220]
NetComm Wireless Utility.lnk - c:\program files\NetComm\Common\RaUI.exe [2011-3-23 1830912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi7"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-03-04 19:25 2815488 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 04:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 04:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-09 13:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4639136]
R3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\DRIVERS\MAudioOxygen.sys [2010-03-03 112136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\M-Audio\Oxygen\AudioDevMon.exe [2010-03-03 1632776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2007-03-28 21984]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 158600]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-28 724992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 11:00]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 11:00]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000Core.job
- c:\users\RaeJae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 02:30]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000UA.job
- c:\users\RaeJae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 02:30]
.
2011-03-28 c:\windows\Tasks\HPCeeScheduleForRaeJae.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-04 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Envoyer à OneNote - /105
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
AddRemove-1100 DX - c:\users\raejae\desktop\meeeaaannn vsti's\DeIsL1.isu
AddRemove-RD - c:\users\RaeJae\Desktop\Today VST\RD\uninstall.exe
AddRemove-Native Instruments Hardware Controller Support - c:\programdata\{09B301EE-C58B-408E-8D5D-E17495536D3E}\Hardware Controller Support Setup.exe
AddRemove-Native Instruments Maschine Driver - c:\programdata\{EADDDB9C-2F20-4408-9D14-618D2AF3ADB4}\Maschine Driver Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(640)
c:\program files\AnVir Task Manager Free\AnvirHook55.dll
c:\users\RaeJae\AppData\Local\FLVService\lib\FLVSrvLib.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2011-04-21 15:31:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-21 03:31
.
Pre-Run: 204,448,718,848 bytes free
Post-Run: 204,336,889,856 bytes free
.
- - End Of File - - F02F6A887488F5FB2B709E420FBC5D02
 
I just ran Avast and no, no more Bamital warning. Does this mean that my computer is completely clean now?

The Avast I have is only a demo, 60 days or something. Can you please suggest what a good security program or combo would be good for my computer? Apart from Avast, I really don't know what else I have or what I shouldn't have?! I know there is Spybot and Anvir Task Manager Free and CCleaner but I'm not entirely sure what does what and if I need certain ones or not.
 
Good news :)

Does this mean that my computer is completely clean now?
We'll run a couple more scans to make sure you're clean.

As for security programs, I'll post more info at the end of this topic.
For now... I'm not sure what Avast version you installed, so you can uninstall what you have now and install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

When done....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
My computer just froze up while in the process of installing Avast.. Has the Avast installation progress screen and a Spybot Popup window (Browser Helper Object Value added).. The screen is frozen with these two things on it! What shall I do?
 
OTL Log Results 1

OTL logfile created on: 21/04/2011 7:56:26 p.m. - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\RaeJae\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.36 Gb Total Space | 190.31 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.46 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: RAEJAE-PC | User Name: RaeJae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
PRC - [2011/04/19 05:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/11 15:11:30 | 001,188,176 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/05/11 15:11:20 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/12 11:00:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2009/12/16 16:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/11/16 08:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/11/09 13:56:38 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009/10/31 18:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/14 13:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 13:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/29 09:29:48 | 001,830,912 | ---- | M] (NetComm Limited) -- C:\Program Files\NetComm\Common\RaUI.exe
PRC - [2009/03/09 12:50:50 | 001,563,360 | ---- | M] (AnVir Software) -- C:\Program Files\AnVir Task Manager Free\AnVir.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/12/13 15:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2007/01/25 02:52:26 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
MOD - [2011/04/19 05:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 17:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/19 05:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2010/03/02 14:08:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/05 06:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/16 16:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/07/14 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 13:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/01/25 02:52:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - [2011/04/19 05:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/19 05:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/19 05:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/19 05:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/19 05:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/19 05:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 06:31:28 | 000,112,136 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV - [2009/12/02 12:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2009/07/14 11:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/04/28 17:23:52 | 000,724,992 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/01/21 02:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/29 01:11:00 | 000,021,984 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2006/08/28 16:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 16:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=93&bd=Presario&pf=cndt
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
FF - prefs.js..extensions.enabledItems: apptabs@frankyan.com:0.6.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: tabberwocky@studio17.wordpress.com:1.1
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}:2.0.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 11:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/02 23:06:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/02 23:06:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/04/16 16:01:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2010/01/17 23:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Extensions
[2011/04/09 11:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions
[2010/10/28 08:59:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/25 20:39:18 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/04/28 07:46:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 09:59:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/22 15:10:13 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}
[2011/02/03 00:51:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/03/02 14:19:26 | 000,000,000 | ---D | M] (App Tabs) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\apptabs@frankyan.com
[2011/03/25 20:39:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\engine@conduit.com
[2010/03/02 14:19:26 | 000,000,000 | ---D | M] (Tabberwocky) -- C:\Users\RaeJae\AppData\Roaming\Mozilla\Firefox\Profiles\5w8gsb98.default\extensions\tabberwocky@studio17.wordpress.com
[2011/04/21 15:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 12:58:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\RAEJAE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5W8GSB98.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/01/05 10:34:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/03/10 11:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/04/21 15:24:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-nz.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O24 - Desktop BackupWallPaper: C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: midi1 - C:\Windows\System32\KORGUMDD.DRV (KORG Inc.)
Drivers32: midi7 - C:\Windows\System32\KORGUMDD.DRV (KORG Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
OTL Log Results 2

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 19:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/21 18:38:54 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/21 18:38:54 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/21 18:38:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/21 18:38:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/21 18:38:50 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/21 18:38:49 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/21 18:38:40 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/21 18:38:40 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/21 18:38:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
[2011/04/21 15:31:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/21 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{A8AE14F2-1E4F-483A-BD79-952B7A767ADC}
[2011/04/21 15:24:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/21 15:13:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/21 15:13:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/21 15:13:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/21 15:12:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/21 15:12:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/21 15:11:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/21 15:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/21 11:27:04 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{5EC40114-D36E-48D6-97F7-C94AA36076D4}
[2011/04/20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Malwarebytes
[2011/04/20 18:23:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/20 18:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 18:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/20 18:23:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/20 18:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 16:28:20 | 035,225,928 | ---- | C] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
[2011/04/20 16:28:20 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/20 16:28:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe
[2011/04/20 13:39:20 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{4C8437FA-9B99-4CBF-A3F1-FA613C1C825C}
[2011/04/19 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{609E11D7-485F-4B01-99E0-4ABBDE0E8B2A}
[2011/04/19 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{C2E022B5-C93F-4EF5-A47B-FFCFD20FD017}
[2011/04/16 13:18:39 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{787EAFD0-2B98-4F63-9D5B-331774D5E51C}
[2011/04/14 15:20:23 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{8E2A8A4C-0535-4076-A51E-8B70D96314DB}
[2011/04/14 12:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/14 12:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/14 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\Conduit
[2011/04/14 12:12:57 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{6CF5DCAA-8975-4025-883D-218CE2D891AF}
[2011/04/14 09:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/14 09:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/14 09:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/12 22:11:46 | 000,000,000 | R--D | C] -- C:\Users\RaeJae\Desktop\REBEL WITHOUT APPLAUSE
[2011/04/12 09:54:47 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{04323764-5268-48E8-86F3-62D7DC592526}
[2011/04/11 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\Desktop\Silverback Gang
[2011/04/11 19:38:30 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{AAAAF49F-BE39-47CC-9620-25FCB580F967}
[2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/04/11 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/10 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{1E3AC23E-0819-4446-944C-358872EC34D2}
[2011/04/08 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{0E7B7C2E-6518-44A6-8DA6-56DE5271BEA1}
[2011/04/08 12:39:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
[2011/04/08 12:38:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{20EFD19B-675C-417B-A498-B0161D72FF88}
[2011/04/08 12:36:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}
[2011/04/08 12:16:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
[2011/04/08 12:02:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
[2011/04/08 11:48:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
[2011/04/08 10:40:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2011/04/07 09:00:25 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{D0D41795-8F52-4E52-93FE-AEBCC1745C49}
[2011/04/06 19:13:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{16E6DCE6-1916-4566-A3CF-31880CAA7C63}
[2011/04/06 16:17:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/04/06 16:13:35 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/04/06 16:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/04/06 16:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/04/06 16:13:00 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Lite
[2011/04/06 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/04/06 13:05:32 | 001,332,224 | ---- | C] (AD © 2009) -- C:\Windows\System32\SYNSOEMU.DLL
[2011/04/05 16:35:21 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\Desktop\Mess Clean After
[2011/04/04 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{4F597D4D-CBC3-427C-A896-C4ECFD6FAFF8}
[2011/04/03 18:49:06 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{A0BB2CE6-790F-44C5-8D8B-62BADB871418}
[2011/04/02 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{ED84A8A4-45D6-4F0C-9663-C6F4EF268289}
[2011/04/02 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{2CA530FE-C91F-421F-8F88-D1364FF07BEB}
[2011/04/01 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{F06CD8E8-6A07-4E03-B663-8F60F9598E8E}
[2011/03/31 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/03/31 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\AVS4YOU
[2011/03/31 09:17:18 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/03/31 09:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/03/31 09:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/03/31 09:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/03/31 08:37:53 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Local\{7E25DA18-103E-4B1B-AF44-54D6418368E5}
[2011/03/29 16:27:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\{37C683B9-C5C5-47D2-AC1F-B551207D4066}
[2011/03/24 10:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/03/24 10:03:06 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\BitTorrent
[2011/03/24 08:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2011/03/23 15:04:17 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\Wnaspint.dll
[2011/03/23 15:04:17 | 000,000,000 | ---D | C] -- C:\Users\RaeJae\AppData\Roaming\Acoustica
[2011/03/23 15:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2011/03/23 12:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2011/03/23 12:38:58 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2011/03/23 12:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetComm Wireless
[2011/03/23 12:38:49 | 000,724,992 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2011/03/23 12:38:49 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2011/03/23 12:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NetComm Driver
[2011/03/23 12:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/03/23 12:38:20 | 000,766,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2011/03/23 12:38:20 | 000,097,280 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2011/03/23 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\NetComm

========== Files - Modified Within 30 Days ==========

[2011/04/21 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 19:22:21 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/21 19:22:21 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/21 19:21:58 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000UA.job
[2011/04/21 19:20:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677347413-2995805031-2245204369-1000Core.job
[2011/04/21 19:15:16 | 000,000,632 | RHS- | M] () -- C:\Users\RaeJae\ntuser.pol
[2011/04/21 19:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 19:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/21 19:14:30 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 19:10:53 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/21 19:10:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/21 18:17:13 | 002,144,362 | ---- | M] () -- C:\Users\RaeJae\Desktop\Noize Kontrol - What Goes On Tour Rough Beat.mp3
[2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
[2011/04/21 16:15:08 | 056,189,640 | ---- | M] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
[2011/04/21 15:24:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/21 15:12:43 | 004,325,691 | R--- | M] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
[2011/04/21 13:48:10 | 000,080,384 | ---- | M] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
[2011/04/20 18:23:28 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
[2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2
[2011/04/20 16:23:15 | 000,659,294 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/20 16:23:15 | 000,140,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/20 14:18:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/20 14:17:12 | 000,625,664 | ---- | M] () -- C:\Users\RaeJae\Desktop\dds.scr
[2011/04/20 14:16:38 | 000,301,568 | ---- | M] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
[2011/04/20 14:15:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe
[2011/04/20 11:58:22 | 035,225,928 | ---- | M] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
[2011/04/20 09:41:52 | 000,003,486 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110420_094146.reg
[2011/04/19 05:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/19 05:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/19 05:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/19 05:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/19 05:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/19 05:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/19 05:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/19 05:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/16 13:16:52 | 000,438,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 12:26:14 | 000,045,494 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110414_122612.reg
[2011/04/14 12:24:44 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/14 09:21:42 | 000,008,782 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110414_092139.reg
[2011/04/14 09:02:12 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\LAPRXYQ.dll
[2011/04/11 18:02:34 | 000,000,000 | ---- | M] () -- C:\Users\RaeJae\AppData\Local\prvlcl.dat
[2011/04/11 13:06:30 | 074,465,036 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/09 13:36:19 | 000,114,422 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110409_133615.reg
[2011/04/08 14:02:18 | 035,778,560 | ---- | M] () -- C:\Users\RaeJae\Desktop\Maschine 1.5 Beat.wav
[2011/04/08 12:38:41 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011/04/08 10:40:23 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/04/08 08:56:46 | 024,977,120 | ---- | M] () -- C:\Users\RaeJae\Desktop\Maschine Rough.wav
[2011/04/07 18:48:30 | 015,274,235 | ---- | M] () -- C:\Users\RaeJae\Desktop\PainKiller - HitzBeat.mp3
[2011/04/06 16:13:35 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/04/06 16:13:29 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/04/02 14:44:39 | 000,002,830 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110402_154436.reg
[2011/03/31 17:08:10 | 000,015,442 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110331_180806.reg
[2011/03/31 09:17:20 | 000,001,257 | ---- | M] () -- C:\Users\RaeJae\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/31 09:17:10 | 000,001,201 | ---- | M] () -- C:\Users\RaeJae\Desktop\AVS Image Converter.lnk
[2011/03/28 15:09:54 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaeJae.job
[2011/03/25 00:02:51 | 000,036,534 | ---- | M] () -- C:\Users\RaeJae\Desktop\Document 1.rns
[2011/03/24 10:03:47 | 000,000,963 | ---- | M] () -- C:\Users\RaeJae\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/03/24 10:03:47 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/03/23 17:23:12 | 000,023,544 | ---- | M] () -- C:\Users\RaeJae\Documents\cc_20110323_182300.reg
[2011/03/23 12:38:58 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetComm Wireless Utility.lnk

========== Files Created - No Company Name ==========

[2011/04/21 18:38:54 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/21 18:37:58 | 056,189,640 | ---- | C] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
[2011/04/21 18:15:10 | 002,144,362 | ---- | C] () -- C:\Users\RaeJae\Desktop\Noize Kontrol - What Goes On Tour Rough Beat.mp3
[2011/04/21 15:13:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/21 15:13:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/21 15:13:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/21 15:13:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/21 15:13:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/21 13:53:06 | 000,080,384 | ---- | C] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
[2011/04/21 13:53:05 | 004,325,691 | R--- | C] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
[2011/04/20 18:23:28 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 16:28:22 | 000,301,568 | ---- | C] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
[2011/04/20 16:28:20 | 000,625,664 | ---- | C] () -- C:\Users\RaeJae\Desktop\dds.scr
[2011/04/20 09:41:50 | 000,003,486 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110420_094146.reg
[2011/04/19 23:26:16 | 000,010,374 | -HS- | C] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
[2011/04/19 23:26:16 | 000,010,374 | -HS- | C] () -- C:\ProgramData\0v128yg110yy544h80wqr2
[2011/04/16 19:11:07 | 015,274,235 | ---- | C] () -- C:\Users\RaeJae\Desktop\PainKiller - HitzBeat.mp3
[2011/04/14 12:26:13 | 000,045,494 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110414_122612.reg
[2011/04/14 09:21:41 | 000,008,782 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110414_092139.reg
[2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
[2011/04/11 13:06:30 | 074,465,036 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/09 13:36:17 | 000,114,422 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110409_133615.reg
[2011/04/08 14:02:18 | 035,778,560 | ---- | C] () -- C:\Users\RaeJae\Desktop\Maschine 1.5 Beat.wav
[2011/04/08 12:38:41 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011/04/08 10:40:23 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/04/08 08:56:41 | 024,977,120 | ---- | C] () -- C:\Users\RaeJae\Desktop\Maschine Rough.wav
[2011/04/06 16:13:29 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/04/02 14:44:37 | 000,002,830 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110402_154436.reg
[2011/03/31 17:08:09 | 000,015,442 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110331_180806.reg
[2011/03/31 09:17:20 | 000,001,257 | ---- | C] () -- C:\Users\RaeJae\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/31 09:17:10 | 000,001,201 | ---- | C] () -- C:\Users\RaeJae\Desktop\AVS Image Converter.lnk
[2011/03/24 16:10:44 | 000,036,534 | ---- | C] () -- C:\Users\RaeJae\Desktop\Document 1.rns
[2011/03/24 10:03:47 | 000,000,963 | ---- | C] () -- C:\Users\RaeJae\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/03/24 10:03:47 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/03/23 17:23:02 | 000,023,544 | ---- | C] () -- C:\Users\RaeJae\Documents\cc_20110323_182300.reg
[2011/03/23 12:38:58 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetComm Wireless Utility.lnk
[2011/03/23 12:38:49 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/02/17 23:22:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
[2011/02/17 23:22:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
[2011/01/18 14:25:24 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 16:24:25 | 002,600,164 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\TempMediaPlay.wav
[2010/12/10 12:11:06 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
[2010/12/01 09:14:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Hyperman.dll
[2010/12/01 09:11:54 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Wavlbsys.dll
[2010/11/30 14:04:41 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/11/30 13:58:05 | 000,520,267 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2010/11/30 13:23:51 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2010/11/29 11:55:05 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010/10/15 10:48:13 | 000,000,000 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\prvlcl.dat
[2010/08/25 03:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\privatedata.dll
[2010/08/14 19:14:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/02 10:35:15 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2010/06/02 10:35:09 | 001,362,460 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010/05/14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/05/14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/05/03 11:29:33 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010/05/03 11:27:48 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010/05/03 11:27:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2010/02/25 20:31:40 | 000,005,632 | ---- | C] () -- C:\Users\RaeJae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 01:09:05 | 000,212,992 | ---- | C] () -- C:\Windows\ALCHUNIN.EXE
[2010/01/24 16:06:36 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/01/21 13:38:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/17 23:08:10 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/09 13:40:49 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2010/01/08 12:31:11 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/01/05 12:08:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/04 01:21:38 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
[2010/01/04 01:13:49 | 000,185,856 | ---- | C] () -- C:\Windows\System32\Bmp2Jpeg.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 16:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 16:33:53 | 000,438,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 14:05:48 | 000,659,294 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 14:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 14:05:48 | 000,140,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 14:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 14:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 14:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 11:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 11:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 09:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/05 01:19:59 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/05/05 01:19:59 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/18 22:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2007/01/25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe

========== LOP Check ==========

[2010/04/23 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Ashampoo Cover Studio 2
[2010/06/06 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\ElementalsTheMagicKey
[2010/09/24 18:50:26 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Friday's games
[2010/05/04 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\funkitron
[2010/05/04 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\Jane s Hotel Family Hero
[2010/02/09 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\ChaKotAshWai\AppData\Roaming\WildTangent
[2010/12/09 11:15:20 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\4Front
[2010/06/02 09:13:21 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ableton
[2011/03/23 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Acoustica
[2010/01/17 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ambient Design
[2010/06/01 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ancient Quest of Saqqarah__wildtan
[2010/11/30 12:32:50 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Applied Acoustics Systems
[2010/04/27 07:55:42 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ashampoo
[2011/04/13 02:57:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Ashampoo Cover Studio 2
[2011/02/03 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\AVG10
[2011/04/14 09:21:00 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\BitTorrent
[2010/12/27 15:54:51 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Blue Cat Audio
[2010/01/17 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Bump Technologies, Inc
[2010/06/17 09:05:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/06 16:18:18 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Lite
[2011/02/02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\DAEMON Tools Pro
[2010/12/03 09:05:50 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Deckadance16
[2010/06/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Dexpot
[2010/11/30 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FabFilter
[2010/01/17 23:03:33 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Foxit
[2010/03/30 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Foxit Software
[2010/10/15 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FreeImageConverter
[2010/04/22 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FreezeTag
[2010/10/11 10:20:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FrostWire
[2010/05/11 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\funkitron
[2011/02/17 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\FXpansion
[2010/03/05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\GetRightToGo
[2010/03/31 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\ImgBurn
[2010/08/17 17:45:37 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\ImTOO
[2010/02/03 11:10:03 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\IObit
[2010/06/12 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\iShell
[2010/12/10 13:07:11 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\iZotope
[2010/06/27 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Leadertech
[2010/01/20 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\MysteryStudio
[2010/05/10 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\NCH Swift Sound
[2011/04/01 01:55:23 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\PACE Anti-Piracy
[2011/04/05 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\PreSonus
[2011/02/02 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Propellerhead Software
[2010/02/03 01:00:48 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Publish Providers
[2010/01/20 17:28:41 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Recordpad
[2010/11/11 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Smartelectronix
[2010/12/20 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Sony
[2010/02/23 12:10:19 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\SynthMaker
[2010/05/07 12:39:07 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\SystemRequirementsLab
[2010/11/02 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\TweakNow RegCleaner
[2010/05/10 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/01/24 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Uniblue
[2010/01/17 23:03:42 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Virtual City
[2010/02/17 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\VitySoft
[2010/12/06 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Waves Audio
[2010/01/17 23:03:43 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\WildTangent
[2010/01/17 23:03:43 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\WinBatch
[2010/03/05 08:53:15 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Xilisoft Corporation
[2011/03/04 21:48:30 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 09:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 13:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/18 19:41:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/21 15:31:52 | 000,026,243 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 09:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/15 13:31:44 | 000,001,370 | ---- | M] () -- C:\docuPrinter.log
[2010/10/21 21:53:27 | 000,002,750 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/04/21 19:14:30 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 16:25:30 | 000,015,803 | ---- | M] () -- C:\INSTALL.LOG
[2010/08/06 12:17:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/06 12:17:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/21 19:14:35 | 2136,137,728 | -HS- | M] () -- C:\pagefile.sys
[2009/05/05 01:44:16 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
[2008/08/27 00:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar

< %systemroot%\Fonts\*.com >
[2009/07/14 16:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 09:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 17:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/14 13:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 13:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/04/19 05:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 16:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/04 02:44:15 | 000,000,221 | -HS- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2010/01/17 23:20:41 | 000,000,221 | -HS- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/01/05 10:35:14 | 000,000,201 | ---- | M] () -- C:\Users\RaeJae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url

< %USERPROFILE%\Desktop\*.exe >
[2011/04/20 14:16:38 | 000,301,568 | ---- | M] () -- C:\Users\RaeJae\Desktop\1gdrr692.exe
[2011/04/20 11:58:22 | 035,225,928 | ---- | M] (COMODO) -- C:\Users\RaeJae\Desktop\cfw_installer_x86.exe
[2011/04/21 15:12:43 | 004,325,691 | R--- | M] () -- C:\Users\RaeJae\Desktop\ComboFix.exe
[2011/04/20 14:18:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RaeJae\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/21 13:48:10 | 000,080,384 | ---- | M] () -- C:\Users\RaeJae\Desktop\MBRCheck.exe
[2011/04/21 16:17:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\OTL.exe
[2011/04/21 16:15:08 | 056,189,640 | ---- | M] () -- C:\Users\RaeJae\Desktop\setup_av_free.exe
[2011/04/20 14:15:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\RaeJae\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >
[2007/01/25 02:52:26 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 09:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/14 21:36:52 | 000,000,402 | -HS- | M] () -- C:\Users\RaeJae\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 1238 bytes -> C:\Users\RaeJae\AppData\Local\3KDlJfWHhxqk8US:eek:0XruD21dPH8RG99Zx2A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1057 bytes -> C:\Users\RaeJae\AppData\Local\mhpZyXByCHO9WP:Fu8w9uaQQLrCJXEJHIpdfbnC
@Alternate Data Stream - 1033 bytes -> C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN

< End of report >
 
OTL Log Extras

OTL Extras logfile created on: 21/04/2011 7:56:26 p.m. - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\RaeJae\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.36 Gb Total Space | 190.31 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.46 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: RAEJAE-PC | User Name: RaeJae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11F703F5-DCAF-49EC-8CD2-488F483E32B0}" = KORG USB-MIDI Driver Tools for Windows
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010 (Beta)
"{20140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010 (Beta)
"{20140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010 (Beta)
"{20140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010 (Beta)
"{20140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010 (Beta)
"{20140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010 (Beta)
"{20140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010 (Beta)
"{20140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010 (Beta)
"{20F5F3A3-8BF3-68B2-7133-D8A43F69AC7D}" = TweetDeck
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236E0A03-6110-485E-B0F9-399215948BB7}" = M-Audio FastTrackPro Driver 6.0.2 (x86)
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{33286B63-B749-4D54-AA04-5631319B168D}" = GEAR driver installer for x86 Win2K
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{348CE492-86E7-4594-9051-2F3DCE39463F}" = V-Station
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EBE7270-A95A-4A03-82C0-41A6F38A4DB2}" = Native Instruments Maschine Factory Content 1.5
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6438691E-D44E-4A18-B6C4-D1EB26281D6A}" = Native Instruments Mikro Prism
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F099B88-FE9D-4287-BE5F-3ED2BD16223C}" = Native Instruments Maschine
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D3F817-2D33-4643-B900-64AE2C0C4745}" = M-Audio Oxygen Driver 1.2.1 (x86)
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = NetComm NetComm 900n Series Wireless USB Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FA2E0CF-64E8-3536-BA71-618A48D9AF55}" = Google Talk Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.50
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D28571EC-82E4-414D-B09D-BBA1B5B3FE55}" = Native Instruments Maschine Factory Content
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D5D3F942-1061-4031-8032-D78728F9A920}" = Windows 7 Manager
"{D77332DD-FA53-4E49-9F4B-3863B8D56196}" = KORG padKONTROL Editor Librarian
"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1" = Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6
"Abbeyroadplugins EMI RS 124 Compressor VST RTAS_is1" = Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0
"Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1" = Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1
"Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1" = Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"Antares Microphone Modeler DX v1.32" = Antares Microphone Modeler DX v1.32
"Antares Tube VST v1.02" = Antares Tube VST v1.02
"AnVir Task Manager Free" = AnVir Task Manager Free
"Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
"Arturia CS-80V_is1" = Arturia CS-80V v1.6
"Arturia minimoog V_is1" = Arturia minimoog V v1.6
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.2.0
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.31
"Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
"Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Foxit Toolbar
"avast" = avast! Free Antivirus
"AVS Image Converter_is1" = AVS Image Converter 1.3.3.146
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BitTorrent" = BitTorrent
"bx_shredspread Native_is1" = bx_shredspread Native 1.0.3
"CCleaner" = CCleaner
"Clean!" = Clean! v1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeClicker" = Steinberg DeClicker v1.21
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"eLicenser Control" = eLicenser Control
"FL Studio 9" = FL Studio 9
"Foxit Reader" = Foxit Reader
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.0" = Freecorder 4.0 Application
"Game Booster_is1" = Game Booster
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"impOSCar" = GForce - impOSCar
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Live 6.0.1" = Live 6.0.1
"Live 8.1.3" = Live 8.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mastering Edition" = Steinberg Mastering Edition v1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Maschine Factory Content" = Native Instruments Maschine Factory Content
"Native Instruments Maschine Factory Content 1.5" = Native Instruments Maschine Factory Content 1.5
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Mikro Prism" = Native Instruments Mikro Prism
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Oddity" = GForce - Oddity
"Oddity VST2" = GMediaMusic - Oddity VST2
"Office14.SingleImage" = Microsoft Office Professionnel 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PhotoStage" = PhotoStage Slideshow Producer
"PoiZone" = PoiZone
"PreSonus Studio One" = PreSonus Studio One
"PROHYBRIDR" = 2007 Microsoft Office system
"Prosoniq OrangeVocoder v1.4" = Prosoniq OrangeVocoder v1.4
"pywin32-py2.6" = Python 2.6 pywin32-212
"RB MOLOTOF V11.0.0" = RB MOLOTOF V1
"RealPlayer 12.0" = RealPlayer
"Reason5_is1" = Reason 5.0
"Rob Papen Albino 2" = Rob Papen Albino 2
"Sakura" = Sakura
"Sawer" = Sawer
"SONiVOX 2.0 DVI Creamy Fuzz Guitar_is1" = SONiVOX DVI Creamy Fuzz Guitar
"Stillwell Audio Plugins Bundle VST v1.52" = Stillwell Audio Plugins Bundle VST v1.52
"Toxic Biohazard" = Toxic Biohazard
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.4.1
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Universal Audio v4.4.0 Native" = Universal Audio v4.4.0 Native
"VLC media player" = VLC media player 1.0.3
"VST" = VST Compressor
"WavePad" = WavePad Sound Editor
"Waves Mercury Bundle" = Waves Mercury Bundle
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT083427" = Elementals - The Magic Key
"WT083777" = Murder She Wrote
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-677347413-2995805031-2245204369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2010 8:39:46 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 2/10/2010 8:39:46 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058

Error - 2/10/2010 8:39:47 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058

Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4056

Error - 2/10/2010 8:39:48 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4056

Error - 2/10/2010 8:39:49 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2010 8:39:49 p.m. | Computer Name = RaeJae-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5055

[ System Events ]
Error - 21/04/2011 12:07:35 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 21/04/2011 12:10:22 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 21/04/2011 3:06:39 a.m. | Computer Name = RaeJae-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:38:06 p.m. on ?21/?04/?2011 was
unexpected.

Error - 21/04/2011 3:06:39 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 21/04/2011 3:06:44 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 21/04/2011 3:06:49 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswRdr AvgLdx86 AvgMfx86 AvgTdiX

Error - 21/04/2011 3:07:27 a.m. | Computer Name = RaeJae-PC | Source = bowser | ID = 8003
Description =

Error - 21/04/2011 3:15:13 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 21/04/2011 3:15:14 a.m. | Computer Name = RaeJae-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 21/04/2011 3:18:04 a.m. | Computer Name = RaeJae-PC | Source = bowser | ID = 8003
Description =


< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-677347413-2995805031-2245204369-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2011/04/11 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
    [2011/04/20 17:30:52 | 000,010,374 | -HS- | M] () -- C:\ProgramData\0v128yg110yy544h80wqr2
    [2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
    [2011/02/03 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\AVG10
    [2010/01/24 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\RaeJae\AppData\Roaming\Uniblue
    @Alternate Data Stream - 1238 bytes -> C:\Users\RaeJae\AppData\Local\3KDlJfWHhxqk8US:o0XruD21dPH8RG99Zx2A
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 1057 bytes -> C:\Users\RaeJae\AppData\Local\mhpZyXByCHO9WP:Fu8w9uaQQLrCJXEJHIpdfbnC
    @Alternate Data Stream - 1033 bytes -> C:\Users\RaeJae\AppData\Local\Temp:SVSytjQYCf1FZESAvcJs0tQMN
    
    :Files
    C:\Program Files\AskBarDis
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
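
Added example (not part of the original posts and not OTL's own code): a small Python parser for the two entry formats that appear in the fix script above, the bracketed file listings and the `@Alternate Data Stream` lines. The field meanings (attribute flags `RHSD`, `C`/`M` for created/modified, company name in parentheses) and the review heuristic are assumptions read off the lines shown in this thread.

```python
import re

# Sample lines copied from the fix script quoted in the thread above.
SAMPLE = r"""
[2011/04/11 13:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/20 18:21:12 | 000,010,374 | -HS- | M] () -- C:\Users\RaeJae\AppData\Local\0v128yg110yy544h80wqr2
[2011/04/14 09:02:12 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\LAPRXYQ.dll
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
"""

# Assumed layout: [timestamp | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

def parse_line(line):
    """Return a dict for a file or ADS entry, or None for any other line."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return {"type": "file", "timestamp": m["ts"],
                "size": int(m["size"].replace(",", "")),
                "attrs": set(m["attrs"]) - {"-"}, "event": m["event"],
                "company": m["company"], "path": m["path"]}
    m = ADS_RE.match(line)
    if m:
        target = m["target"]
        cut = target.rfind(":")  # index 1 is the drive-letter colon, not a stream
        host, stream = (target[:cut], target[cut + 1:]) if cut > 1 else (target, "")
        return {"type": "ads", "size": int(m["size"]), "path": host, "stream": stream}
    return None

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def review_candidates(entries):
    """Assumed triage heuristic (not OTL's): hidden+system files with no
    company name, and every alternate data stream, deserve a manual look."""
    hits = []
    for e in entries:
        if e["type"] == "ads":
            hits.append((e["path"], "alternate data stream " + e["stream"]))
        elif {"H", "S"} <= e["attrs"] and "D" not in e["attrs"] and not e["company"]:
            hits.append((e["path"], "hidden+system file, no company name"))
    return hits

if __name__ == "__main__":
    for path, reason in review_candidates(parse_log(SAMPLE)):
        print(f"{reason}: {path}")
```
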
 
I am about to run the OTL Scan again but Avast has recommended that it be opened in a sandbox. Shall I do this?
 