Possible virus preventing correct internet operation

Solved
By shinychrome0
Oct 31, 2010
  1. I started trying to diagnose my internet problems here

    http://www.techspot.com/vb/topic155505.html

    and they think I have a virus causing issues on my system. I run AVG antivirus and it has not detected anything. So I also ran scans with Avast, Avira, and Kaspersky, and Kaspersky was the only one to detect anything. Here is the log from its scan.

    Detected (2)
    10/29/2010 8:50:52 PM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Invader (loader) C:\PROGRAM FILES (X86)\PRESONUS\STUDIO ONE\STUDIO ONE.EXE Low
    10/30/2010 12:33:32 AM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Invader (loader) C:\USERS\BRIAN CARRIGG\APPDATA\LOCAL\TEMP\IS-VIU15.TMP\SETUP_BUGBOPPER.TMP Low
    Not found (1)
    10/29/2010 9:23:46 PM Not found Trojan program Trojan-Dropper.Win32.VB.aopu C:\Documents and Settings\Brian Carrigg\Documents\Downloads\Programs\audio-converter-pack.exe//data0038 High



    I'm not really sure why it picked up Studio One as a virus.

    MBAM did not detect anything.

    And scratch that...AVG just found this but access was denied to remove it.

    "";"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AVP";"Found Adware.Generic";"Potentially dangerous object"

    GMER log:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-31 15:11:16
    Windows 6.1.7600
    Running: pibmduhj.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@0017d54ae696 0xAE 0x95 0xA2 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@002608d75365 0x66 0xEE 0x7F 0x50 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@0017d54ae696 0xAE 0x95 0xA2 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@002608d75365 0x66 0xEE 0x7F 0x50 ...

    ---- EOF - GMER 1.0.15 ----




    DDS log



    DDS (Ver_10-10-31.01) - NTFS_AMD64
    Run by Brian Carrigg at 15:12:42.20 on Sun 10/31/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.7935.5109 [GMT -4:00]


    ============== Running Processes ===============

    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
    C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr_x64.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Brian Carrigg\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    uRun: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
    mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\BRIANC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DRAGON~1.LNK - C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
    StartupFolder: C:\Users\BRIANC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    LSP: C:\Windows\system32\idmmbc.dll
    Trusted Zone: ccuniversity.edu\www.my
    Trusted Zone: line6.net
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\BRIANC~1\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
    FF - prefs.js: network.proxy.type - 4
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - component: C:\Users\Brian Carrigg\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Brian Carrigg\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-7-28 20392]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/13 00:16:59];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/07/22 22:35:04];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-3 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
    R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-8-12 14112]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\System32\drivers\y_cx88x.sys [2009-6-22 714752]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-3 136176]
    S3 L6PODLV;PODxt Live Service;C:\Windows\System32\drivers\L6PODLV64.sys [2010-9-7 770816]
    S3 L6PODX3;L6 POD X3 Service;C:\Windows\System32\drivers\L6PODX364.sys [2010-3-9 894336]
    S3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;C:\Windows\System32\drivers\MAudioFastTrackUltra8R_DFU.sys [2009-10-6 45832]
    S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\System32\drivers\MAudioFastTrack.sys [2009-10-2 187912]
    S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\System32\drivers\MAudioFastTrackUltra8R.sys [2009-10-6 195592]
    S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]

    =============== Created Last 30 ================

    2010-10-31 18:16:27 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\Malwarebytes
    2010-10-31 18:16:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-10-31 18:16:17 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-10-31 18:16:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-10-31 18:16:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-10-30 16:15:54 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    2010-10-29 21:15:53 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2010-10-29 21:15:53 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
    2010-10-29 21:14:50 -------- d-----w- C:\PROGRA~3\Alwil Software
    2010-10-29 21:13:06 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
    2010-10-26 19:34:45 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-26 19:34:45 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-26 19:34:45 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-26 19:34:45 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-26 19:34:45 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-26 19:34:45 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-26 19:34:45 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-26 19:34:40 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-26 02:22:15 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\OpenDNS Updater
    2010-10-25 01:32:30 -------- d-----w- C:\Program Files (x86)\Auto Clicker
    2010-10-25 01:26:57 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\GetRightToGo
    2010-10-25 00:04:57 679936 ----a-w- C:\Windows\SysWow64\D3DX81ab.dll
    2010-10-25 00:04:57 1970176 ----a-w- C:\Windows\SysWow64\d3dx9.dll
    2010-10-25 00:04:57 -------- d-----w- C:\Program Files (x86)\Cheat Engine
    2010-10-22 09:00:31 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2BE0D37A-5F07-4ADF-802B-5778F4AE2DCF}\mpengine.dll
    2010-10-15 20:07:55 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\ChaosPro 4.0
    2010-10-14 17:10:13 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-14 17:09:43 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-10-14 17:09:43 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2010-10-14 17:09:42 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-10-14 17:09:42 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-10-14 17:09:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-10-14 17:09:40 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-10-14 17:09:40 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-10-14 17:09:40 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-10-14 17:09:40 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-10-14 17:09:38 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-14 16:57:24 -------- d-----w- C:\PROGRA~3\Comodo
    2010-10-14 16:39:26 -------- d-----w- C:\PROGRA~3\BugBopper
    2010-10-14 04:41:09 -------- d-----w- C:\audio-power-settings
    2010-10-13 12:42:57 -------- d-----w- C:\Program Files\PreSonus
    2010-10-13 02:35:21 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
    2010-10-13 01:24:00 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\MakeMusic
    2010-10-13 01:22:54 -------- d-----w- C:\Program Files (x86)\Finale NotePad 2011
    2010-10-13 01:22:54 -------- d-----w- C:\PROGRA~3\MakeMusic
    2010-10-13 00:53:42 -------- d-----w- C:\Users\BRIANC~1\AppData\Roaming\AVG10
    2010-10-13 00:49:49 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-10-13 00:48:42 -------- d-----w- C:\Windows\System32\drivers\AVG
    2010-10-13 00:48:42 -------- d-----w- C:\PROGRA~3\AVG10
    2010-10-13 00:38:27 -------- d-----w- C:\PROGRA~3\MFAData
    2010-10-13 00:35:53 -------- d-----w- C:\Program Files\iPod
    2010-10-13 00:35:52 -------- d-----w- C:\Program Files\iTunes
    2010-10-13 00:35:52 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-10-13 00:33:49 -------- d-----w- C:\Program Files\Bonjour
    2010-10-13 00:33:49 -------- d-----w- C:\Program Files (x86)\Bonjour

    ==================== Find3M ====================

    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-13 18:58:06 1139200 ----a-w- C:\Windows\bsdsetup.dll
    2010-09-29 18:31:28 210272 ----a-w- C:\Windows\SysWow64\idmmbc.dll
    2010-09-13 20:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
    2010-09-13 02:38:03 737280 ----a-w- C:\Windows\iun6002.exe
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-07 22:45:04 770816 ----a-w- C:\Windows\System32\drivers\L6PODLV64.sys
    2010-09-07 22:45:02 218112 ----a-w- C:\Windows\System32\l6podlv_x64.dll
    2010-09-07 22:45:02 180224 ----a-w- C:\Windows\SysWow64\l6podlv.dll
    2010-09-07 07:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-09-07 07:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2010-09-07 07:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2010-09-07 07:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-20 01:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
    2010-08-20 01:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
    2010-08-13 04:15:23 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2010-08-13 04:15:23 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2010-08-13 03:17:16 2828 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
    2010-08-13 03:17:00 88 --sh--r- C:\PROGRA~3\CA9AFEA1AF.sys
    2010-08-11 15:17:57 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2010-08-11 15:17:57 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
    2010-08-04 06:22:38 7451648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-08-04 06:07:14 20817408 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-08-04 05:55:02 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-08-04 05:54:52 519680 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-08-04 05:54:02 598528 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-08-04 05:52:06 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-08-04 05:51:56 461824 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-08-04 05:51:22 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-08-04 05:50:16 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-08-04 05:49:58 421376 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-08-04 05:49:52 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-08-04 05:49:50 15845888 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-08-04 05:49:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-08-04 05:49:38 12288 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-08-04 05:49:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-08-04 05:49:28 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-08-04 05:46:34 3899392 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-08-04 05:37:48 4554240 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-08-04 05:28:32 3077120 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-08-04 05:28:28 4021760 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-08-04 05:26:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-08-04 05:26:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-08-04 05:25:56 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-08-04 05:25:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-08-04 05:25:44 5394432 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-08-04 05:24:36 4341248 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-08-04 05:23:46 56832 ----a-w- C:\Windows\System32\coinst.dll
    2010-08-04 05:22:36 5167104 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-08-04 05:21:40 3324416 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-08-04 05:16:16 337920 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-08-04 05:16:08 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-08-04 05:16:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-08-04 05:15:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-08-04 05:15:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-08-04 05:15:54 18432 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-08-04 05:15:50 16896 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-08-04 05:15:46 268288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-08-04 05:15:10 39424 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-08-04 05:15:04 30208 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-08-04 05:14:58 36864 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-08-04 05:14:50 27648 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-08-04 05:14:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-08-04 05:09:30 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-08-04 05:09:30 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-08-04 05:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-08-04 05:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-08-04 05:04:04 1071104 ----a-w- C:\Windows\System32\L6DriverControlPanel.cpl

    ============= FINISH: 15:13:12.64 ===============
  2. Broni

    For starters, you're running two AV programs, AVG and Kaspersky.
    One of them has to go.
    If AVG (preferably), make sure to use AVG Remover: http://www.avg.com/us-en/download-tools

    Report on progress.
    Also, check if the same issue exists in Safe Mode with Networking (after uninstalling one of your AV programs).
  3. shinychrome0

    I uninstalled Kaspersky since it was only a trial and I can't afford to buy it. I only had several in order to do a scan with each and see if they would find anything different.

    And there is no change when I try to access the site in safe mode with networking.
  4. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. shinychrome0

    shinychrome0 Newcomer, in training Topic Starter Posts: 21

    I tried running it several times, but each time it froze when it got to "scanning firefox settings."
  6. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Disable AVG and try again.
    If still no go, try safe mode.
  7. shinychrome0

    shinychrome0 Newcomer, in training Topic Starter Posts: 21

    OTL logfile created on: 11/2/2010 8:07:24 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Brian Carrigg\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
    15.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.86 Gb Total Space | 786.07 Gb Free Space | 85.74% Space Free | Partition Type: NTFS
    Drive L: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.60% Space Free | Partition Type: FAT

    Computer Name: BRIANCARRIGG-PC | User Name: Brian Carrigg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    PRC - [2010/10/29 15:47:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/29 15:47:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/13 14:57:46 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
    PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/09/29 14:32:24 | 003,245,408 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/08/20 15:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/19 18:01:26 | 000,462,848 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2010/05/05 22:31:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2009/07/20 17:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    PRC - [2009/07/16 20:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/16 23:06:10 | 000,091,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    PRC - [2009/03/16 23:03:08 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
    PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/02/27 20:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
    SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
    DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 18:45:04 | 000,770,816 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODLV64.sys -- (L6PODLV)
    DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/23 02:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
    DRV:64bit: - [2010/03/09 18:40:40 | 000,894,336 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODX364.sys -- (L6PODX3)
    DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/12/15 14:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
    DRV:64bit: - [2009/10/06 09:29:56 | 000,045,832 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R_DFU.sys -- (MADFUFTU8R)
    DRV:64bit: - [2009/10/06 09:29:52 | 000,195,592 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R.sys -- (MAUSBFASTTRACKULTRA8R)
    DRV:64bit: - [2009/10/02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 14:08:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) CX23885/7 PCI-E AvStream Video Capture (PalomarMHD)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/08/13 00:16:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2010/01/12 23:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/22 22:35:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 BD B9 85 F2 72 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.6
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
    FF - prefs.js..network.proxy.autoconfig_url: "http://cincybible.priv/"
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/02 19:55:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 15:47:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 15:47:11 | 000,000,000 | ---D | M]

    [2010/11/02 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Extensions
    [2010/11/02 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2010/11/02 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions
    [2010/10/21 21:28:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/17 18:42:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/31 16:17:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/29 19:14:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/16 08:24:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKCU..\Run: [SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
    O4 - Startup: C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
    O4 - Startup: C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\idmmbc.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: ccuniversity.edu ([www.my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O16 - DPF: {3B89785B-4E94-400A-8705-5841B14063A7} http://www.arcsoft.com/data/SimHDAss.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.20.125 10.10.20.6
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2010/11/02 19:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/11/02 19:55:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2010/11/02 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\Flickr
    [2010/11/02 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Local\Flickr
    [2010/11/02 19:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flickr Uploadr
    [2010/11/02 19:08:24 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    [2010/10/31 14:16:27 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\Malwarebytes
    [2010/10/31 14:16:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/31 14:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/31 14:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/29 17:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/10/29 17:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/25 22:22:15 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\OpenDNS Updater
    [2010/10/24 21:40:26 | 000,061,440 | ---- | C] (Gary's Hood) -- C:\Users\Brian Carrigg\Desktop\rsclient.exe
    [2010/10/24 21:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Clicker
    [2010/10/24 21:26:57 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\GetRightToGo
    [2010/10/24 20:04:57 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll
    [2010/10/24 20:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine
    [2010/10/24 16:56:21 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\ExpressPCB
    [2010/10/15 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\ChaosPro 4.0
    [2010/10/14 12:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2010/10/14 12:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BugBopper
    [2010/10/14 00:41:09 | 000,000,000 | ---D | C] -- C:\audio-power-settings
    [2010/10/13 08:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\PreSonus
    [2010/10/12 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/10/12 23:00:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/12 22:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
    [2010/10/12 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\MakeMusic
    [2010/10/12 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\Finale Files
    [2010/10/12 21:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic
    [2010/10/12 21:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale NotePad 2011
    [2010/10/12 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\AVG10
    [2010/10/12 20:49:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/10/12 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/10/12 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/12 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/10/12 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/10/12 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/10/12 20:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/12 20:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/10/12 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\Irela
    [2010/04/05 09:06:29 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
    [2010/04/05 09:06:29 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
    [2010/04/05 09:06:29 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
    [2010/04/05 09:06:29 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
    [2010/04/05 09:06:29 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
    [2010/04/05 09:06:29 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
    [2010/04/05 09:06:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
    [2010/04/05 09:06:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
    [2010/04/05 09:06:29 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
    [2010/04/05 09:06:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/02 20:06:45 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 20:06:45 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 20:04:56 | 098,265,965 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/11/02 20:04:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/02 20:04:46 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/02 20:04:46 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/02 20:03:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/11/02 19:59:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/02 19:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/02 19:59:34 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/02 19:44:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    [2010/11/02 07:56:22 | 000,000,000 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Local\prvlcl.dat
    [2010/10/31 03:00:14 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/10/30 14:54:17 | 000,096,385 | ---- | M] () -- C:\Users\Brian Carrigg\Desktop\Pushups.xlsx
    [2010/10/29 17:15:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/10/29 01:02:30 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
    [2010/10/27 17:38:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\tracert
    [2010/10/27 12:39:44 | 000,438,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/25 02:00:09 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/10/24 21:40:27 | 000,061,440 | ---- | M] (Gary's Hood) -- C:\Users\Brian Carrigg\Desktop\rsclient.exe
    [2010/10/24 19:00:17 | 000,003,752 | ---- | M] () -- C:\Users\Brian Carrigg\Documents\close shave.pcb
    [2010/10/24 17:06:47 | 000,123,182 | ---- | M] () -- C:\Users\Brian Carrigg\Documents\close shave.bmp
    [2010/10/22 16:44:21 | 000,002,133 | ---- | M] () -- C:\Users\Brian Carrigg\.recently-used.xbel
    [2010/10/16 17:27:57 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2010/10/15 12:43:39 | 000,007,605 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Local\Resmon.ResmonCfg
    [2010/10/14 00:40:53 | 000,003,735 | ---- | M] () -- C:\audio-power-settings.zip
    [2010/10/13 14:58:06 | 001,139,200 | ---- | M] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
    [2010/10/12 21:51:24 | 000,001,915 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Roaming\SAS7_000.DAT
    [2010/10/12 21:23:11 | 000,001,140 | ---- | M] () -- C:\Users\Brian Carrigg\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2011.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/02 20:04:56 | 098,265,965 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/10/29 17:15:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/10/27 17:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\tracert
    [2010/10/24 20:04:57 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/10/24 17:14:13 | 000,003,752 | ---- | C] () -- C:\Users\Brian Carrigg\Documents\close shave.pcb
    [2010/10/24 17:06:47 | 000,123,182 | ---- | C] () -- C:\Users\Brian Carrigg\Documents\close shave.bmp
    [2010/10/22 16:44:21 | 000,002,133 | ---- | C] () -- C:\Users\Brian Carrigg\.recently-used.xbel
    [2010/10/14 13:02:30 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2010/10/14 00:40:53 | 000,003,735 | ---- | C] () -- C:\audio-power-settings.zip
    [2010/10/12 21:23:11 | 000,001,140 | ---- | C] () -- C:\Users\Brian Carrigg\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2011.lnk
    [2010/08/20 17:20:28 | 000,000,000 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\prvlcl.dat
    [2010/08/13 00:18:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
    [2010/08/12 22:33:11 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CA9AFEA1AF.sys
    [2010/08/12 22:33:10 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/05/18 20:28:24 | 000,002,022 | ---- | C] () -- C:\Windows\tabled32.ini
    [2010/05/17 09:35:19 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
    [2010/05/11 23:40:20 | 000,003,781 | ---- | C] () -- C:\Windows\scad3.INI
    [2010/05/06 22:18:58 | 000,007,605 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\Resmon.ResmonCfg
    [2010/04/28 16:05:23 | 000,003,584 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/26 12:36:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
    [2010/04/20 10:40:04 | 000,001,915 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Roaming\SAS7_000.DAT
    [2010/04/05 09:06:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2010/04/05 09:06:29 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
    [2010/04/05 09:06:29 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
    [2010/04/05 08:57:45 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
    [2010/04/05 08:57:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
    [2010/04/05 08:57:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/13 09:12:56 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2006/03/28 13:40:12 | 000,115,712 | ---- | C] () -- C:\Windows\SysWow64\libsndfile.dll
    [2006/01/01 06:00:26 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\vorbisfile.dll
    [2005/12/31 10:19:08 | 001,097,728 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2005/12/31 10:13:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

    ========== LOP Check ==========

    [2010/10/28 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Audacity
    [2010/10/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\AVG10
    [2010/04/05 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSD
    [2010/08/12 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSplayer
    [2010/08/12 21:39:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSplayer Pro
    [2010/10/15 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\ChaosPro 4.0
    [2010/04/05 10:29:01 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\DeviceDoctorSoftware
    [2010/10/27 12:43:19 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\DMCache
    [2010/05/23 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Facebook
    [2010/11/02 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Flickr
    [2010/07/19 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\FontCreator
    [2010/04/25 03:07:18 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\FreeFLVConverter
    [2010/10/24 21:28:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\GetRightToGo
    [2010/10/22 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\gtk-2.0
    [2010/10/27 12:43:09 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\IDM
    [2010/10/13 09:19:55 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Line 6
    [2010/10/12 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\MakeMusic
    [2010/08/13 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\NCH Swift Sound
    [2010/04/15 14:29:22 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Nuance
    [2010/10/25 22:22:15 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\OpenDNS Updater
    [2010/05/18 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PDF Writer
    [2010/06/01 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PGP
    [2010/10/16 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PreSonus
    [2010/08/11 11:18:13 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Propellerhead Software
    [2010/05/02 03:57:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Publish Providers
    [2010/05/17 09:35:03 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Softouch
    [2010/05/02 03:57:35 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Sony
    [2010/05/15 00:03:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Stardock
    [2010/08/29 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Waves Audio
    [2010/08/29 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Waves Preferences
    [2010/04/05 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\WinBatch
    [2010/10/25 02:00:09 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/10/29 01:02:30 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
    [2010/10/31 03:00:14 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/08/05 14:23:47 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/14 00:40:53 | 000,003,735 | ---- | M] () -- C:\audio-power-settings.zip
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/05 12:29:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/02 19:59:34 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
    [2005/09/23 03:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/02 19:59:34 | 4025,671,679 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/20 21:15:54 | 000,002,531 | ---- | M] () -- C:\RHDSetup.log
    [2010/08/12 22:30:31 | 000,489,314 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/05 08:51:40 | 000,000,221 | -HS- | M] () -- C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
  8. shinychrome0

    OTL logfile created on: 11/2/2010 8:07:24 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Brian Carrigg\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
    15.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.86 Gb Total Space | 786.07 Gb Free Space | 85.74% Space Free | Partition Type: NTFS
    Drive L: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.60% Space Free | Partition Type: FAT

    Computer Name: BRIANCARRIGG-PC | User Name: Brian Carrigg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    PRC - [2010/10/29 15:47:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/29 15:47:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/13 14:57:46 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
    PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/09/29 14:32:24 | 003,245,408 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/08/20 15:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/19 18:01:26 | 000,462,848 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2010/05/05 22:31:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2009/07/20 17:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    PRC - [2009/07/16 20:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/16 23:06:10 | 000,091,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    PRC - [2009/03/16 23:03:08 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
    PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/02/27 20:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
    SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
    DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 18:45:04 | 000,770,816 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODLV64.sys -- (L6PODLV)
    DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/23 02:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
    DRV:64bit: - [2010/03/09 18:40:40 | 000,894,336 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODX364.sys -- (L6PODX3)
    DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/12/15 14:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
    DRV:64bit: - [2009/10/06 09:29:56 | 000,045,832 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R_DFU.sys -- (MADFUFTU8R)
    DRV:64bit: - [2009/10/06 09:29:52 | 000,195,592 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R.sys -- (MAUSBFASTTRACKULTRA8R)
    DRV:64bit: - [2009/10/02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 14:08:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) CX23885/7 PCI-E AvStream Video Capture (PalomarMHD)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/08/13 00:16:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2010/01/12 23:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/22 22:35:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 BD B9 85 F2 72 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?"
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.6
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
    FF - prefs.js..network.proxy.autoconfig_url: "http://cincybible.priv/"
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/02 19:55:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 15:47:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 15:47:11 | 000,000,000 | ---D | M]

    [2010/11/02 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Extensions
    [2010/11/02 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2010/11/02 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions
    [2010/10/21 21:28:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/17 18:42:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Brian Carrigg\AppData\Roaming\Mozilla\Firefox\Profiles\cawgg8ez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/31 16:17:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/29 19:14:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/16 08:24:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKCU..\Run: [SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
    O4 - Startup: C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
    O4 - Startup: C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\idmmbc.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: ccuniversity.edu ([www.my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O16 - DPF: {3B89785B-4E94-400A-8705-5841B14063A7} http://www.arcsoft.com/data/SimHDAss.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.20.125 10.10.20.6
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2010/11/02 19:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/11/02 19:55:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2010/11/02 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\Flickr
    [2010/11/02 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Local\Flickr
    [2010/11/02 19:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flickr Uploadr
    [2010/11/02 19:08:24 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    [2010/10/31 14:16:27 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\Malwarebytes
    [2010/10/31 14:16:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/31 14:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/31 14:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/29 17:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/10/29 17:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/25 22:22:15 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\OpenDNS Updater
    [2010/10/24 21:40:26 | 000,061,440 | ---- | C] (Gary's Hood) -- C:\Users\Brian Carrigg\Desktop\rsclient.exe
    [2010/10/24 21:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Clicker
    [2010/10/24 21:26:57 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\GetRightToGo
    [2010/10/24 20:04:57 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll
    [2010/10/24 20:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine
    [2010/10/24 16:56:21 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\ExpressPCB
    [2010/10/15 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\ChaosPro 4.0
    [2010/10/14 12:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2010/10/14 12:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BugBopper
    [2010/10/14 00:41:09 | 000,000,000 | ---D | C] -- C:\audio-power-settings
    [2010/10/13 08:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\PreSonus
    [2010/10/12 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/10/12 23:00:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/12 22:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
    [2010/10/12 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\MakeMusic
    [2010/10/12 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\Finale Files
    [2010/10/12 21:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic
    [2010/10/12 21:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale NotePad 2011
    [2010/10/12 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\AppData\Roaming\AVG10
    [2010/10/12 20:49:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/10/12 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/10/12 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/12 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/10/12 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/10/12 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/10/12 20:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/12 20:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/10/12 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Brian Carrigg\Documents\Irela
    [2010/04/05 09:06:29 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
    [2010/04/05 09:06:29 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
    [2010/04/05 09:06:29 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
    [2010/04/05 09:06:29 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
    [2010/04/05 09:06:29 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
    [2010/04/05 09:06:29 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
    [2010/04/05 09:06:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
    [2010/04/05 09:06:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
    [2010/04/05 09:06:29 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
    [2010/04/05 09:06:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/02 20:06:45 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 20:06:45 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 20:04:56 | 098,265,965 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/11/02 20:04:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/02 20:04:46 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/02 20:04:46 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/02 20:03:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/11/02 19:59:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/02 19:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/02 19:59:34 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/02 19:44:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    [2010/11/02 07:56:22 | 000,000,000 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Local\prvlcl.dat
    [2010/10/31 03:00:14 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/10/30 14:54:17 | 000,096,385 | ---- | M] () -- C:\Users\Brian Carrigg\Desktop\Pushups.xlsx
    [2010/10/29 17:15:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/10/29 01:02:30 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
    [2010/10/27 17:38:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\tracert
    [2010/10/27 12:39:44 | 000,438,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/25 02:00:09 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/10/24 21:40:27 | 000,061,440 | ---- | M] (Gary's Hood) -- C:\Users\Brian Carrigg\Desktop\rsclient.exe
    [2010/10/24 19:00:17 | 000,003,752 | ---- | M] () -- C:\Users\Brian Carrigg\Documents\close shave.pcb
    [2010/10/24 17:06:47 | 000,123,182 | ---- | M] () -- C:\Users\Brian Carrigg\Documents\close shave.bmp
    [2010/10/22 16:44:21 | 000,002,133 | ---- | M] () -- C:\Users\Brian Carrigg\.recently-used.xbel
    [2010/10/16 17:27:57 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2010/10/15 12:43:39 | 000,007,605 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Local\Resmon.ResmonCfg
    [2010/10/14 00:40:53 | 000,003,735 | ---- | M] () -- C:\audio-power-settings.zip
    [2010/10/13 14:58:06 | 001,139,200 | ---- | M] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
    [2010/10/12 21:51:24 | 000,001,915 | ---- | M] () -- C:\Users\Brian Carrigg\AppData\Roaming\SAS7_000.DAT
    [2010/10/12 21:23:11 | 000,001,140 | ---- | M] () -- C:\Users\Brian Carrigg\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2011.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/02 20:04:56 | 098,265,965 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/11/02 20:03:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/10/29 17:15:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/10/27 17:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\tracert
    [2010/10/24 20:04:57 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
    [2010/10/24 17:14:13 | 000,003,752 | ---- | C] () -- C:\Users\Brian Carrigg\Documents\close shave.pcb
    [2010/10/24 17:06:47 | 000,123,182 | ---- | C] () -- C:\Users\Brian Carrigg\Documents\close shave.bmp
    [2010/10/22 16:44:21 | 000,002,133 | ---- | C] () -- C:\Users\Brian Carrigg\.recently-used.xbel
    [2010/10/14 13:02:30 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2010/10/14 00:40:53 | 000,003,735 | ---- | C] () -- C:\audio-power-settings.zip
    [2010/10/12 21:23:11 | 000,001,140 | ---- | C] () -- C:\Users\Brian Carrigg\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2011.lnk
    [2010/08/20 17:20:28 | 000,000,000 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\prvlcl.dat
    [2010/08/13 00:18:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
    [2010/08/12 22:33:11 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CA9AFEA1AF.sys
    [2010/08/12 22:33:10 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/05/18 20:28:24 | 000,002,022 | ---- | C] () -- C:\Windows\tabled32.ini
    [2010/05/17 09:35:19 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
    [2010/05/11 23:40:20 | 000,003,781 | ---- | C] () -- C:\Windows\scad3.INI
    [2010/05/06 22:18:58 | 000,007,605 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\Resmon.ResmonCfg
    [2010/04/28 16:05:23 | 000,003,584 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/26 12:36:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
    [2010/04/20 10:40:04 | 000,001,915 | ---- | C] () -- C:\Users\Brian Carrigg\AppData\Roaming\SAS7_000.DAT
    [2010/04/05 09:06:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2010/04/05 09:06:29 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
    [2010/04/05 09:06:29 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
    [2010/04/05 08:57:45 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
    [2010/04/05 08:57:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
    [2010/04/05 08:57:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/13 09:12:56 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2006/03/28 13:40:12 | 000,115,712 | ---- | C] () -- C:\Windows\SysWow64\libsndfile.dll
    [2006/01/01 06:00:26 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\vorbisfile.dll
    [2005/12/31 10:19:08 | 001,097,728 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2005/12/31 10:13:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

    ========== LOP Check ==========

    [2010/10/28 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Audacity
    [2010/10/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\AVG10
    [2010/04/05 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSD
    [2010/08/12 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSplayer
    [2010/08/12 21:39:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\BSplayer Pro
    [2010/10/15 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\ChaosPro 4.0
    [2010/04/05 10:29:01 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\DeviceDoctorSoftware
    [2010/10/27 12:43:19 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\DMCache
    [2010/05/23 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Facebook
    [2010/11/02 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Flickr
    [2010/07/19 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\FontCreator
    [2010/04/25 03:07:18 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\FreeFLVConverter
    [2010/10/24 21:28:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\GetRightToGo
    [2010/10/22 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\gtk-2.0
    [2010/10/27 12:43:09 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\IDM
    [2010/10/13 09:19:55 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Line 6
    [2010/10/12 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\MakeMusic
    [2010/08/13 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\NCH Swift Sound
    [2010/04/15 14:29:22 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Nuance
    [2010/10/25 22:22:15 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\OpenDNS Updater
    [2010/05/18 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PDF Writer
    [2010/06/01 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PGP
    [2010/10/16 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\PreSonus
    [2010/08/11 11:18:13 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Propellerhead Software
    [2010/05/02 03:57:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Publish Providers
    [2010/05/17 09:35:03 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Softouch
    [2010/05/02 03:57:35 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Sony
    [2010/05/15 00:03:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Stardock
    [2010/08/29 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Waves Audio
    [2010/08/29 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\Waves Preferences
    [2010/04/05 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Brian Carrigg\AppData\Roaming\WinBatch
    [2010/10/25 02:00:09 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/10/29 01:02:30 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
    [2010/10/31 03:00:14 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/08/05 14:23:47 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/14 00:40:53 | 000,003,735 | ---- | M] () -- C:\audio-power-settings.zip
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/05 12:29:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/02 19:59:34 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
    [2005/09/23 03:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/02 19:59:34 | 4025,671,679 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/20 21:15:54 | 000,002,531 | ---- | M] () -- C:\RHDSetup.log
    [2010/08/12 22:30:31 | 000,489,314 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/05 08:51:40 | 000,000,221 | -HS- | M] () -- C:\Users\Brian Carrigg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
  9. shinychrome0


    Here is the second half of that same log.



    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/02 19:08:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Carrigg\Desktop\OTL.exe
    [2010/10/24 21:40:27 | 000,061,440 | ---- | M] (Gary's Hood) -- C:\Users\Brian Carrigg\Desktop\rsclient.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/05/02 01:02:50 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/05/02 01:02:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/05/02 01:02:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/05/02 01:02:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/05/02 01:02:50 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/05/02 01:02:50 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 16:00:56 | 000,000,402 | -HS- | M] () -- C:\Users\Brian Carrigg\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/12 23:17:00 | 000,000,088 | RHS- | M] () -- C:\ProgramData\CA9AFEA1AF.sys
    [2010/08/13 00:18:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\CLDShowX.ini
    [2010/04/05 09:06:38 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2010/08/12 23:17:16 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B

    < End of report >
  10. shinychrome0


    OTL Extras logfile created on: 11/2/2010 8:07:24 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Brian Carrigg\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
    15.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.86 Gb Total Space | 786.07 Gb Free Space | 85.74% Space Free | Partition Type: NTFS
    Drive L: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.60% Space Free | Partition Type: FAT

    Computer Name: BRIANCARRIGG-PC | User Name: Brian Carrigg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
    "{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{542C6F13-6861-4010-9EBC-6F068D397AD8}" = SRS Audio Sandbox
    "{5BF8A577-B334-49BE-A7B2-349C1F1B0C58}" = AVG 2011
    "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
    "{89264031-7A83-4DB5-AECB-22BC115BB886}" = GEAR driver installer for x64 WinXP
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{faf25835-fc55-4ddd-b1f5-c39ff62f5166}" = Steven Slate Steven Slate Drums EX
    "7F4303078887B33BF9E472598BB463CBE007C68E" = Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (06/22/2009 6.0.64.0059)
    "AVG" = AVG 2011
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1186
    "Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
    "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{33286B63-B749-4D54-AA04-5631319B168D}" = GEAR driver installer for x86 Win2K
    "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54EE76C9-BBF2-44BA-935C-3E37638EDF6C}" = Visual Analyser 2010 NE-XT v2.4
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
    "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
    "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CF58B132-4C67-4E0A-BE3D-8DADB1E32258}" = Vegas Movie Studio 9.0
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
    "{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
    "{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
    "{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ASIO4ALL" = ASIO4ALL
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "Demigod" = Demigod
    "Diablo II" = Diablo II
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "Drumagog 4 Platinum4.11" = Drumagog 4
    "EA Download Manager" = EA Download Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Finale NotePad 2011" = Finale NotePad 2011
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "Impulse" = Impulse
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "Internet Download Manager" = Internet Download Manager
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Line 6 Uninstaller" = Line 6 Uninstaller
    "LTspice IV" = LTspice IV
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Native Instruments Kontakt 3" = Native Instruments Kontakt 3
    "Native Instruments Service Center" = Native Instruments Service Center
    "PreSonus Studio One" = PreSonus Studio One
    "RealPlayer 12.0" = RealPlayer
    "Starfleet Command - Gold Edition" = Starfleet Command - Gold Edition
    "Steven Slate Steven Slate Drums EX" = Steven Slate Steven Slate Drums EX
    "WinGimp-2.0_is1" = GIMP 2.6.10

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/31/2010 2:10:13 PM | Computer Name = BrianCarrigg-PC | Source = Bonjour Service | ID = 100
    Description = 640: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/31/2010 2:10:13 PM | Computer Name = BrianCarrigg-PC | Source = Bonjour Service | ID = 100
    Description = 624: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/31/2010 2:10:13 PM | Computer Name = BrianCarrigg-PC | Source = Bonjour Service | ID = 100
    Description = 556: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/31/2010 2:10:13 PM | Computer Name = BrianCarrigg-PC | Source = Bonjour Service | ID = 100
    Description = 620: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/31/2010 2:10:13 PM | Computer Name = BrianCarrigg-PC | Source = Bonjour Service | ID = 100
    Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/1/2010 9:55:59 AM | Computer Name = BrianCarrigg-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll".Error
    in manifest or policy file "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll"
    on line 2. Invalid Xml syntax.

    Error - 11/2/2010 8:19:01 AM | Computer Name = BrianCarrigg-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll".Error
    in manifest or policy file "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll"
    on line 2. Invalid Xml syntax.

    Error - 11/2/2010 7:12:54 PM | Computer Name = BrianCarrigg-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.17.2 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1454 Start Time:
    01cb7ae2fdabacfd Termination Time: 0 Application Path: C:\Users\Brian Carrigg\Desktop\OTL.exe

    Report
    Id: b6a65fd5-e6d6-11df-87fd-0022686644bb

    Error - 11/2/2010 7:19:45 PM | Computer Name = BrianCarrigg-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.17.2 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 141c Start Time:
    01cb7ae37c01d58d Termination Time: 0 Application Path: C:\Users\Brian Carrigg\Desktop\OTL.exe

    Report
    Id: abd1e18a-e6d7-11df-87fd-0022686644bb

    Error - 11/2/2010 7:58:15 PM | Computer Name = BrianCarrigg-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.17.2 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: d6c Start Time:
    01cb7ae8906c7cae Termination Time: 0 Application Path: C:\Users\Brian Carrigg\Desktop\OTL.exe

    Report
    Id: 0d0c6e46-e6dd-11df-b1aa-001f81000250

    [ Media Center Events ]
    Error - 10/12/2010 3:44:35 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 3:44:35 AM - Error connecting to the internet. 3:44:35 AM - Unable
    to contact server..

    Error - 10/12/2010 3:44:48 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 3:44:40 AM - Error connecting to the internet. 3:44:40 AM - Unable
    to contact server..

    Error - 10/12/2010 4:44:53 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 4:44:53 AM - Error connecting to the internet. 4:44:53 AM - Unable
    to contact server..

    Error - 10/12/2010 4:45:05 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 4:44:58 AM - Error connecting to the internet. 4:44:58 AM - Unable
    to contact server..

    Error - 10/12/2010 5:45:10 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 5:45:10 AM - Error connecting to the internet. 5:45:10 AM - Unable
    to contact server..

    Error - 10/12/2010 5:45:22 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 5:45:15 AM - Error connecting to the internet. 5:45:15 AM - Unable
    to contact server..

    Error - 10/12/2010 6:45:27 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 6:45:27 AM - Error connecting to the internet. 6:45:27 AM - Unable
    to contact server..

    Error - 10/12/2010 6:45:39 AM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 6:45:32 AM - Error connecting to the internet. 6:45:32 AM - Unable
    to contact server..

    Error - 10/12/2010 3:48:39 PM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 3:48:39 PM - Error connecting to the internet. 3:48:39 PM - Unable
    to contact server..

    Error - 10/12/2010 3:48:58 PM | Computer Name = BrianCarrigg-PC | Source = MCUpdate | ID = 0
    Description = 3:48:44 PM - Error connecting to the internet. 3:48:44 PM - Unable
    to contact server..

    [ System Events ]
    Error - 8/30/2010 4:40:48 AM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 8/30/2010 9:37:29 AM | Computer Name = BrianCarrigg-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 8/31/2010 5:29:46 AM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 8/31/2010 3:12:05 PM | Computer Name = BrianCarrigg-PC | Source = BTHUSB | ID = 327685
    Description = The Bluetooth driver expected an HCI event with a certain size but
    did not receive it.

    Error - 8/31/2010 3:12:10 PM | Computer Name = BrianCarrigg-PC | Source = BTHUSB | ID = 327685
    Description = The Bluetooth driver expected an HCI event with a certain size but
    did not receive it.

    Error - 8/31/2010 3:28:50 PM | Computer Name = BrianCarrigg-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 9/1/2010 12:15:25 AM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 9/1/2010 5:10:05 AM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 9/1/2010 9:25:35 PM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 9/2/2010 6:29:18 AM | Computer Name = BrianCarrigg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
  11. Broni


    I assume neither browser can connect to http://my.ccuniversity.edu/ics/?
    See if you can connect to http://66.161.195.206

    =========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\idmmbc.dll File not found
      O16 - DPF: {3B89785B-4E94-400A-8705-5841B14063A7} http://www.arcsoft.com/data/SimHDAss.CAB (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/08/12 22:33:11 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CA9AFEA1AF.sys
      @Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
      @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  12. shinychrome0

    shinychrome0 Newcomer, in training Topic Starter Posts: 21

    OK, I did all of that: updated Flash, removed old versions, etc. The ESET online scanner found nothing, so here are the logs from the other two.

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
    Starting removal of ActiveX control {3B89785B-4E94-400A-8705-5841B14063A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3B89785B-4E94-400A-8705-5841B14063A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B89785B-4E94-400A-8705-5841B14063A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B89785B-4E94-400A-8705-5841B14063A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B89785B-4E94-400A-8705-5841B14063A7}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
    File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\ProgramData\CA9AFEA1AF.sys moved successfully.
    ADS C:\ProgramData\CLDShowX.ini:Update.CL deleted successfully.
    ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brian Carrigg
    ->Temp folder emptied: 25551972 bytes
    ->Temporary Internet Files folder emptied: 930373 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 97085724 bytes
    ->Flash cache emptied: 14109 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49632 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 304145226 bytes

    Total Files Cleaned = 408.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brian Carrigg
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

    OTL by OldTimer - Version 3.2.17.2 log created on 11052010_092640

    Files\Folders moved on Reboot...
    C:\Users\Brian Carrigg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...









    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
  13. shinychrome0

    shinychrome0 Newcomer, in training Topic Starter Posts: 21

    And I can now access the site! I'm assuming one of these registry changes is probably the reason?
  14. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Excellent!

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  15. shinychrome0

    shinychrome0 Newcomer, in training Topic Starter Posts: 21

    So was this actually a virus or just something corrupted in the Registry?
  16. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    It's hard to say.
    I didn't see much of an infection on your computer.
    Possibly those two AV programs you had on your computer were stepping on each other...