Unknown virus/malware uninstalling programs

Solved
By monkeychef23
Jan 19, 2011
Topic Status:
Not open for further replies.
  1. Sorry for being on so late buuuut.....

    I just realized that many of my programs are being uninstalled. It's really odd and extremely annoying. I am running spybot, malwarebytes, and antivir as we speak. If anyone wants the logs, I need them to tell me how to find them. If anyone has a quick solution that will not affect my computer configuration, please post it with instructions.

    If someone does one of these things, I will reward them with one chocolate chip cookie and a glass of milk.

    Thanks.
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Explain, please....
  3. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    Alright,

    so last night I was just playing some video games and looking at engadget (normal stuff), when I realized that the shortcut for Utorrent on my desktop was broken. I wasn't really sure what happened, so I looked through the entire computer to find it had been uninstalled. I started to research what it could have been, and within the course of an hour, three other programs had been uninstalled. Their folder is not present in any program files, and a search for the programs only comes up with their installers in My Downloads.

    Today I booted the computer, couldn't open chrome, thunderbird, antivir, nothing. Everything came up with errors and crashes.

    Anyway, I'm following the eight steps. I am currently running GMER in safe mode because I am not able to open any programs in normal mode. I will post my log later when it is done.
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  5. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    I'm currently having a problem with gmer. After the scan finishes, the program stops responding. Other than that, malware bytes hasn't reported anything so far.

    More importantly, is there a way to fix this non-responding issue?
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Skip GMER for now, proceed with other steps.
  7. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    Malware Bytes


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5289

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/10/2010 2:49:23 PM
    mbam-log-2010-12-10 (14-49-23).txt

    Scan type: Quick scan
    Objects scanned: 198672
    Time elapsed: 8 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Attach



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/17/2009 3:31:50 PM
    System Uptime: 1/20/2011 7:41:49 PM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EP43T-USB3
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2333/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 155.828 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 550 GiB total, 0.017 GiB free.
    G: is FIXED (NTFS) - 46 GiB total, 40.588 GiB free.
    H: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Motorola Surfboard 5120 USB Cable Modem
    Device ID: USB\VID_07B2&PID_5120\00137140FC31
    Manufacturer:
    Name: Motorola Surfboard 5120 USB Cable Modem
    PNP Device ID: USB\VID_07B2&PID_5120\00137140FC31
    Service:

    ==== System Restore Points ===================

    RP479: 1/16/2011 5:00:22 PM - Windows Backup
    RP480: 1/17/2011 5:00:20 PM - Windows Backup
    RP481: 1/17/2011 11:51:53 PM - Installed Microsoft Mathematics (64-bit)
    RP482: 1/17/2011 11:52:21 PM - Installed DirectX
    RP483: 1/18/2011 3:32:31 PM - Installed XSplit
    RP484: 1/18/2011 5:00:14 PM - Windows Backup
    RP485: 1/19/2011 5:00:27 PM - Windows Backup
    RP486: 1/19/2011 9:05:43 PM - Installed XSplit
    RP487: 1/20/2011 5:00:22 PM - Windows Backup

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Android Manager WiFi
    Android Screencast
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bandisoft MPEG-1 Decoder
    Battlefield: Bad Company 2
    Browser Configuration Utility
    Call of Duty: World at War
    Connect
    CopyTrans Suite Remove Only
    Counter-Strike: Source
    Counter-Strike: Source Beta
    D3DX10
    Download Updater (AOL LLC)
    Dropbox
    Dyyno Broadcaster
    Energy Saver Advance B9.0730.1
    EVGA Precision 1.8.0
    Fences
    FLAC 1.2.1b (remove only)
    FoxyTunes for Firefox
    Freemake Video Converter version 1.3.0
    Freemake Video Downloader version 2.0.1
    Futuremark SystemInfo
    Game Booster
    Garry's Mod
    GCalc 3
    Gigabyte Raid Configurer
    Glary Utilities 2.17.0.776
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hacker Evolution
    Half-Life Dedicated Server Update Tool
    ImgBurn
    Internet TV for Windows Media Center
    IZArc 4.1
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    K-Lite Codec Pack 6.1.0 (Basic)
    kuler
    League of Legends
    League of Legends - ACE Client by Matricus
    Left 4 Dead 2
    Malwarebytes' Anti-Malware
    Microsoft Corporation
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    mIRC
    Mozilla Firefox (3.6.11)
    Mozilla Firefox (4.0b1)
    Mozilla Thunderbird (3.1.7)
    Mp3tag v2.47b
    MSVCRT
    MSVCRT_amd64
    Mumble and Murmur
    NEC Electronics USB 3.0 Host Controller Driver
    NVIDIA PhysX
    OCCT Perestroika 3.1.0
    OpenAL
    Pando Media Booster
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Poker Night at the Inventory
    PunkBuster Services
    QMC
    Quicken 2009
    QuickTime
    Rainmeter (remove only)
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RollerCoaster Tycoon Deluxe
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shipping Assistant 3.6
    Skype™ 4.1
    Songbird 1.7.3 (Build 1700)
    SpeedFan (remove only)
    Spybot - Search & Destroy
    StarCraft II
    Steam
    STORM
    SugarSync Manager
    Suite Shared Configuration CS4
    Supreme Commander 2
    System Protocol One
    System Requirements Lab
    Team Fortress 2
    Team Fortress 2 Beta
    TeamSpeak 3 Client
    TeamViewer 6
    TI Connect 1.6
    Tom Clancy's H.A.W.X. 2
    Ubisoft Game Launcher
    Ubuntu
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    Uplink
    Ventrilo Server
    Winamp
    Winamp 5 Media Liabrary Import/Export (remove only)
    Winamp Detector Plug-in
    Winamp Remote
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Xfire (remove only)
    XSplit

    ==== Event Viewer Messages From Past Week ========

    1/20/2011 4:31:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    1/20/2011 12:35:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/20/2011 12:18:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/20/2011 12:18:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/20/2011 12:14:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 12:12:00 PM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The pipe has been ended.
    1/20/2011 12:10:59 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/20/2011 12:09:53 PM, Error: Service Control Manager [7034] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/20/2011 12:09:53 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/20/2011 12:09:53 PM, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/20/2011 12:09:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
    1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
    1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/20/2011 12:09:51 PM, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/20/2011 12:09:51 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/20/2011 12:09:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
    1/20/2011 12:09:30 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/19/2011 3:31:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003307165, 0xfffff880065a4c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011911-22698-01.
    1/19/2011 3:31:21 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    1/15/2011 12:08:51 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    1/15/2011 12:06:50 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/15/2011 12:06:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    1/15/2011 12:06:49 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2011 3:34:33 PM, Error: NetBT [4300] - The driver could not be created.
    1/13/2011 2:21:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000335f165, 0xfffff88006371c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011311-21512-01.
    1/13/2011 2:20:04 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Josh\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

    ==== End Of File ===========================


    DDS



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Josh at 19:47:19.05 on Thu 01/20/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6168 [GMT -5:00]

    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
    C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\vVX3000.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Task Killer\TaskKiller.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Josh\Documents\Other and Programs\bin\TSVNCache.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Josh\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Task Killer] C:\Program Files (x86)\Task Killer\TaskKiller.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [sbitunesagent] C:\Users\Josh\Documents\Songbird\songbirditunesagent.exe
    uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Dyyno Launcher] "C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
    uRun: [C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run] "C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    uExplorerRun: [Thunderbird Mail Client] C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    uExplorerRun: [chrome] C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    uExplorerRun: [mumble] C:\Users\Josh\Documents\Other and Programs\Mumble\mumble.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
    DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://68.39.100.29/DVROcxEx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {64F146E5-75E3-41E8-B13B-33D0BCC01771} = 167.206.245.12,167.206.245.11
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    IFEO: taskmgr.exe - C:\Program Files (x86)\Glary Utilities\procmgr.exe
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [VX3000] C:\Windows\vVX3000.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Users\Josh\Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll
    IFEO-X64: taskmgr.exe - C:\Program Files (x86)\Glary Utilities\procmgr.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.engadget.com/|http://gizmodo.com/
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}\components\MailUtil.dll
    FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: GoogleTube: googletube@googletube.com - %profile%\extensions\googletube@googletube.com
    FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
    FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    FF - Ext: AOL Radio Toolbar: {6ad56361-628f-471b-8f9d-4c338973a87d} - %profile%\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: FlipClock: {cdd09450-7280-11de-8a39-0800200c9a66} - %profile%\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
    FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-18 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-28 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-28 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-28 83120]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-11-17 219360]
    R2 Dyyno Launcher;Dyyno Service;C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe [2010-12-12 415072]
    R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-11-17 68136]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-20 1153368]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2228008]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-17 236544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-25 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-8-5 43728]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]

    =============== Created Last 30 ================

    2011-01-18 20:51:38 -------- d-----w- C:\Users\Josh\AppData\Local\PMB Files
    2011-01-18 20:51:37 -------- d-----w- C:\PROGRA~3\PMB Files
    2011-01-18 20:34:14 -------- d-----w- C:\PROGRA~3\SplitMediaLabs
    2011-01-18 12:34:58 -------- d-----w- C:\Program Files (x86)\Graboid
    2011-01-18 04:52:06 -------- d-----w- C:\Program Files\Microsoft Mathematics
    2011-01-12 16:54:00 -------- d-----w- C:\opt
    2011-01-11 19:41:42 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2011-01-09 00:55:32 -------- d-----w- C:\Users\Josh\AppData\Roaming\TS3Client
    2011-01-09 00:55:20 -------- d-----w- C:\Users\Josh\AppData\Local\TeamSpeak 3 Client
    2011-01-02 22:09:55 -------- d-----w- C:\Users\Josh\AppData\Local\TSVNCache
    2011-01-02 00:42:34 -------- d-----w- C:\Users\Josh\AppData\Roaming\TortoiseSVN
    2011-01-02 00:41:04 -------- d-----w- C:\Users\Josh\AppData\Roaming\Subversion
    2011-01-02 00:39:49 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
    2010-12-28 16:34:56 -------- d-----w- C:\Users\Josh\AppData\Roaming\Avira
    2010-12-28 16:31:55 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-12-28 16:31:54 -------- d-----w- C:\Program Files (x86)\Avira
    2010-12-28 16:31:54 -------- d-----w- C:\PROGRA~3\Avira
    2010-12-28 16:07:54 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{957EF162-351F-493E-A609-2C17E2CF0BA7}\mpengine.dll

    ==================== Find3M ====================

    2011-01-21 00:42:23 25640 ----a-w- C:\Windows\gdrv.sys
    2011-01-19 18:51:50 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-01-19 18:51:50 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-01-19 18:50:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-01-14 07:33:52 735353 ----a-w- C:\Users\Josh\ace_uninstaller.exe
    2010-12-23 22:51:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-11 22:00:18 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-12-02 23:10:06 99384 ----a-w- C:\Users\Josh\AppData\Roaming\inst.exe
    2010-12-02 23:10:06 82816 ----a-w- C:\Users\Josh\AppData\Roaming\pcouffin.sys
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    ============= FINISH: 19:48:51.53 ===============
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  9. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    I am getting an error:

    Error loading driver, NTSTATUS code:0xC000036B
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    When doing what?
  11. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    When starting the program. Sorry bout that.
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  13. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    2011/01/20 20:13:24.0873 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
    2011/01/20 20:13:24.0873 ================================================================================
    2011/01/20 20:13:24.0873 SystemInfo:
    2011/01/20 20:13:24.0873
    2011/01/20 20:13:24.0873 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/20 20:13:24.0873 Product type: Workstation
    2011/01/20 20:13:24.0873 ComputerName: LEIBFAM
    2011/01/20 20:13:24.0873 UserName: Josh
    2011/01/20 20:13:24.0873 Windows directory: C:\Windows
    2011/01/20 20:13:24.0873 System windows directory: C:\Windows
    2011/01/20 20:13:24.0874 Running under WOW64
    2011/01/20 20:13:24.0874 Processor architecture: Intel x64
    2011/01/20 20:13:24.0874 Number of processors: 4
    2011/01/20 20:13:24.0874 Page size: 0x1000
    2011/01/20 20:13:24.0874 Boot type: Normal boot
    2011/01/20 20:13:24.0874 ================================================================================
    2011/01/20 20:13:24.0874 Utility is running under WOW64
    2011/01/20 20:13:30.0545 Initialize success
    2011/01/20 20:13:33.0204 ================================================================================
    2011/01/20 20:13:33.0204 Scan started
    2011/01/20 20:13:33.0204 Mode: Manual;
    2011/01/20 20:13:33.0204 ================================================================================
    2011/01/20 20:13:34.0300 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/01/20 20:13:34.0332 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/01/20 20:13:34.0360 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/01/20 20:13:34.0416 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
    2011/01/20 20:13:34.0473 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/01/20 20:13:34.0510 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/01/20 20:13:34.0540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/01/20 20:13:34.0576 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/01/20 20:13:34.0607 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/01/20 20:13:34.0646 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/01/20 20:13:34.0661 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/01/20 20:13:34.0687 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/01/20 20:13:34.0715 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/01/20 20:13:34.0741 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/01/20 20:13:34.0766 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/01/20 20:13:34.0792 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/01/20 20:13:34.0847 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/01/20 20:13:34.0888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/01/20 20:13:34.0917 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/01/20 20:13:34.0961 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/20 20:13:34.0988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/01/20 20:13:35.0032 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/01/20 20:13:35.0067 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/01/20 20:13:35.0105 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/01/20 20:13:35.0148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/01/20 20:13:35.0192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/01/20 20:13:35.0242 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/01/20 20:13:35.0272 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/20 20:13:35.0293 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/01/20 20:13:35.0311 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/01/20 20:13:35.0342 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/01/20 20:13:35.0371 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/01/20 20:13:35.0393 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/01/20 20:13:35.0413 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/01/20 20:13:35.0436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/01/20 20:13:35.0469 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/20 20:13:35.0502 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/20 20:13:35.0525 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/01/20 20:13:35.0558 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/01/20 20:13:35.0630 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/20 20:13:35.0762 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/01/20 20:13:35.0910 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/01/20 20:13:35.0939 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/20 20:13:35.0963 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/01/20 20:13:35.0989 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/01/20 20:13:36.0037 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/20 20:13:36.0063 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/01/20 20:13:36.0085 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/01/20 20:13:36.0143 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/20 20:13:36.0188 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/20 20:13:36.0283 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/01/20 20:13:36.0379 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/01/20 20:13:36.0405 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/01/20 20:13:36.0444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/01/20 20:13:36.0473 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/01/20 20:13:36.0499 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/20 20:13:36.0535 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/20 20:13:36.0555 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/01/20 20:13:36.0592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/20 20:13:36.0618 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/20 20:13:36.0637 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/01/20 20:13:36.0706 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/01/20 20:13:36.0734 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/20 20:13:36.0788 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/01/20 20:13:36.0832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/01/20 20:13:44.0706 ================================================================================
    2011/01/20 20:13:44.0706 Scan finished
    2011/01/20 20:13:44.0706 ================================================================================
     
  14. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  15. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP43T-USB3
    Logical Drives Mask: 0x000000dc

    Kernel Drivers (total 196):
    0xFDEE0000 \Windows\System32\lpk.dll
    0xFDD60000 \Windows\System32\urlmon.dll
    0xFDD40000 \Windows\System32\sechost.dll
    0xFDC70000 \Windows\System32\usp10.dll
    0xFDB90000 \Windows\System32\advapi32.dll
    0xFDA60000 \Windows\System32\wininet.dll
    0xFDA10000 \Windows\System32\ws2_32.dll
    0x774B0000 \Windows\System32\kernel32.dll
    0xFDA00000 \Windows\System32\nsi.dll
    0xFD890000 \Windows\System32\crypt32.dll
    0xFD850000 \Windows\System32\wintrust.dll
    0xFD7E0000 \Windows\System32\KernelBase.dll
    0xFD7C0000 \Windows\System32\devobj.dll
    0xFD780000 \Windows\System32\cfgmgr32.dll
    0xFD6E0000 \Windows\System32\comctl32.dll
    0xFD6D0000 \Windows\System32\msasn1.dll
    0x77230000 \Windows\SysWOW64\normaliz.dll

    Processes (total 84):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    432 csrss.exe
    500 csrss.exe
    508 C:\Windows\System32\wininit.exe
    564 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    696 C:\Windows\System32\svchost.exe
    716 C:\Windows\System32\winlogon.exe
    824 C:\Windows\System32\nvvsvc.exe
    864 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    128 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\nvvsvc.exe
    1176 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\spoolsv.exe
    1404 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1424 C:\Windows\System32\svchost.exe
    1544 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1572 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1592 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    1624 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1716 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1724 C:\Windows\System32\conhost.exe
    1736 C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
    1772 C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    1796 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    1816 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    1860 C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe
    2032 C:\Windows\SysWOW64\PnkBstrA.exe
    1108 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    296 C:\Windows\System32\svchost.exe
    1284 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    1856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1520 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2180 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2712 WUDFHost.exe
    2868 C:\Windows\System32\svchost.exe
    2600 C:\Windows\System32\taskhost.exe
    2840 C:\Windows\System32\dwm.exe
    2104 C:\Windows\explorer.exe
    3100 C:\Windows\System32\svchost.exe
    3280 C:\Windows\vVX3000.exe
    3288 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3336 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3628 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3656 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3664 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3684 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3692 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3700 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3708 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    3860 C:\Program Files (x86)\Task Killer\TaskKiller.exe
    3984 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    3188 C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
    3204 C:\Windows\System32\SearchIndexer.exe
    3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    164 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    1124 C:\Users\Josh\Documents\Other and Programs\bin\TSVNCache.exe
    4064 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    2588 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    2740 C:\Program Files (x86)\Winamp\winampa.exe
    1148 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    3192 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3792 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3372 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4540 WmiPrvSE.exe
    4548 C:\Windows\System32\svchost.exe
    3800 dllhost.exe
    5048 C:\Windows\System32\svchost.exe
    4980 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    4512 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    4636 C:\Windows\SysWOW64\rundll32.exe
    1692 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    4248 C:\Windows\System32\audiodg.exe
    5092 C:\Windows\System32\SearchProtocolHost.exe
    4012 C:\Windows\System32\SearchFilterHost.exe
    4296 C:\Users\Josh\Downloads\MBRCheck.exe
    3076 C:\Windows\System32\conhost.exe
    3328 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000070`80100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
    PhysicalDrive1 Model Number: WDCWD6400AAKS-07A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    596 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  16. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    Also, do I run rKill only if I can't get combofix to run?
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Yes.......
  18. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    ComboFix 11-01-20.01 - Josh 01/20/2011 20:39:19.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6523 [GMT -5:00]
    Running from: c:\users\Josh\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\users\Josh\ace_uninstaller.exe
    c:\users\Josh\AppData\Roaming\Dyyno
    c:\users\Josh\AppData\Roaming\Dyyno\dgcsrv.xml
    c:\users\Josh\AppData\Roaming\Dyyno\dyyno.xml
    c:\users\Josh\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
    .

    2011-01-21 01:44 . 2011-01-21 01:44 -------- d-----w- c:\users\Vikki\AppData\Local\temp
    2011-01-21 01:01 . 2011-01-21 01:01 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
    2011-01-18 20:51 . 2011-01-19 17:17 -------- d-----w- c:\users\Josh\AppData\Local\PMB Files
    2011-01-18 20:51 . 2011-01-18 20:51 -------- d-----w- c:\programdata\PMB Files
    2011-01-18 20:34 . 2011-01-18 20:34 -------- d-----w- c:\programdata\SplitMediaLabs
    2011-01-18 12:34 . 2011-01-18 12:35 -------- d-----w- c:\program files (x86)\Graboid
    2011-01-18 04:52 . 2011-01-18 04:52 -------- d-----w- c:\program files\Microsoft Mathematics
    2011-01-14 21:51 . 2011-01-14 21:51 -------- d-----w- c:\users\Vikki\AppData\Roaming\Winamp
    2011-01-12 16:54 . 2011-01-12 16:54 -------- d-----w- C:\opt
    2011-01-11 19:41 . 2011-01-11 19:41 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-01-09 00:55 . 2011-01-18 21:14 -------- d-----w- c:\users\Josh\AppData\Roaming\TS3Client
    2011-01-09 00:55 . 2011-01-09 00:55 -------- d-----w- c:\users\Josh\AppData\Local\TeamSpeak 3 Client
    2011-01-03 23:05 . 2011-01-03 23:05 -------- d-----w- c:\users\Andi\AppData\Roaming\Subversion
    2011-01-03 20:55 . 2011-01-19 20:24 -------- d-----w- c:\users\Andi\AppData\Local\TSVNCache
    2011-01-02 22:09 . 2011-01-21 00:43 -------- d-----w- c:\users\Josh\AppData\Local\TSVNCache
    2011-01-02 00:42 . 2011-01-02 00:42 -------- d-----w- c:\users\Josh\AppData\Roaming\TortoiseSVN
    2011-01-02 00:41 . 2011-01-02 00:41 -------- d-----w- c:\users\Josh\AppData\Roaming\Subversion
    2011-01-02 00:39 . 2011-01-02 00:39 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
    2010-12-28 16:34 . 2010-12-28 16:34 -------- d-----w- c:\users\Josh\AppData\Roaming\Avira
    2010-12-28 16:31 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-28 16:31 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-28 16:31 . 2010-12-28 16:31 -------- d-----w- c:\programdata\Avira
    2010-12-28 16:31 . 2010-12-28 16:31 -------- d-----w- c:\program files (x86)\Avira
    2010-12-28 16:07 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{957EF162-351F-493E-A609-2C17E2CF0BA7}\mpengine.dll
    2010-12-23 22:52 . 2010-12-23 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
    2010-12-23 22:51 . 2010-12-23 22:51 -------- d-----w- c:\program files (x86)\Java

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 00:42 . 2010-12-01 01:26 25640 ----a-w- c:\windows\gdrv.sys
    2011-01-19 18:51 . 2010-06-17 01:42 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-01-19 18:51 . 2010-06-17 01:41 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-01-19 18:50 . 2010-06-17 01:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2010-12-23 22:51 . 2010-06-17 23:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-12-20 23:09 . 2010-12-10 19:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-12-10 19:39 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 22:00 . 2010-06-17 01:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2010-12-02 23:10 . 2010-09-10 01:42 82816 ----a-w- c:\users\Josh\AppData\Roaming\pcouffin.sys
    2010-11-04 06:35 . 2010-12-16 04:48 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-16 04:48 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-16 04:48 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-16 04:48 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-16 04:48 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-16 04:48 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-16 04:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-16 04:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-11-02 05:18 . 2010-12-16 04:48 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 05:17 . 2010-12-16 04:48 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 05:17 . 2010-12-16 04:48 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 05:16 . 2010-12-16 04:48 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 05:10 . 2010-12-16 04:48 464384 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 05:10 . 2010-12-16 04:48 285696 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:40 . 2010-12-16 04:48 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40 . 2010-12-16 04:48 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34 . 2010-12-16 04:48 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34 . 2010-12-16 04:48 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-10-27 05:06 . 2010-12-16 04:48 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-27 04:32 . 2010-12-16 04:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Task Killer"="c:\program files (x86)\Task Killer\TaskKiller.exe" [2007-11-04 221696]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "sbitunesagent"="c:\users\Josh\Documents\Songbird\songbirditunesagent.exe" [2010-06-09 266240]
    "Google Update"="c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-03 136176]
    "Dyyno Launcher"="c:\users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe" [2010-12-12 2151776]
    "C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-01-10 1003576]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-07 74752]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\users\Vikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "amd_dc_opt"=c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-08-05 43728]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 202960]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 53968]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    S2 Dyyno Launcher;Dyyno Service;c:\users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe [2010-12-12 415072]
    S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 68136]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 144720]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 164240]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-21 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2009-11-21 15:21]

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 16:44]

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 16:44]

    2011-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000Core.job
    - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 18:45]

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000UA.job
    - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 18:45]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX3000"="c:\windows\vVX3000.exe" [2009-07-01 762224]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\users\Josh\Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {64F146E5-75E3-41E8-B13B-33D0BCC01771} = 167.206.245.12,167.206.245.11
    DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://68.39.100.29/DVROcxEx.cab
    FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.engadget.com/|http://gizmodo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: GoogleTube: googletube@googletube.com - %profile%\extensions\googletube@googletube.com
    FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
    FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    FF - Ext: AOL Radio Toolbar: {6ad56361-628f-471b-8f9d-4c338973a87d} - %profile%\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: FlipClock: {cdd09450-7280-11de-8a39-0800200c9a66} - %profile%\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
    FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Half-Life Dedicated Server Update Tool - c:\users\Josh\DOCUME~1\OTHERA~1\UNWISE.EXE
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-Wubi - h:\ubuntu\uninstall-wubi.exe
    AddRemove-Android Screencast - c:\windows\system32\javaws.exe
    AddRemove-GCalc 3 - c:\windows\system32\javaws.exe
    AddRemove-SugarSync - c:\program files (x86)\SugarSync\uninstall.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-20 20:46:59
    ComboFix-quarantined-files.txt 2011-01-21 01:46

    Pre-Run: 166,914,670,592 bytes free
    Post-Run: 167,625,723,904 bytes free

    - - End Of File - - 06016A1399505BBBE9AC4A1FE149BB55
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good now....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    OTL

    OTL logfile created on: 1/20/2011 9:20:31 PM - Run 1
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Josh\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
    18.00 Gb Paging File | 15.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 10000 100000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 157.98 Gb Free Space | 33.93% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 550.00 Gb Total Space | 0.02 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
    Drive G: | 46.17 Gb Total Space | 40.59 Gb Free Space | 87.91% Space Free | Partition Type: NTFS
    Drive H: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: LEIBFAM | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    PRC - [2011/01/11 14:20:19 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2011/01/10 11:04:03 | 001,003,576 | ---- | M] (Google Inc.) -- C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/12/12 18:44:26 | 002,151,776 | ---- | M] () -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
    PRC - [2010/12/12 18:44:18 | 000,415,072 | ---- | M] () -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
    PRC - [2010/12/11 17:00:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/12/07 17:23:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2010/11/30 17:54:43 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/09 11:38:56 | 003,465,384 | ---- | M] (Thorvald Natvig) -- C:\Users\Josh\My Documents\Other and Programs\Mumble\mumble.exe
    PRC - [2009/11/18 10:37:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/10/20 23:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/07/30 17:51:02 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/18 09:24:46 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/24 15:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/01/11 14:20:19 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/12/12 18:44:18 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
    SRV - [2010/12/11 17:00:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/18 09:23:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/07/30 17:51:02 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) [Auto | Running] -- C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe -- (OrbMediaService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/09 20:42:57 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2009/10/26 10:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2009/10/26 10:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/07/30 06:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/30 21:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/28 15:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2008/11/04 13:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV - [2011/01/20 19:42:23 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2010/06/08 19:30:22 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B DA 7C 63 DE A6 CB 01 [binary data]
    IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.engadget.com/|http://gizmodo.com/"
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.6046
    FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
    FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.0.0
    FF - prefs.js..extensions.enabledItems: firefox@meebo.com:1.1
    FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: {cdd09450-7280-11de-8a39-0800200c9a66}:0.82
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.4.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
    FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.5


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 20:56:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/30 17:56:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\components [2010/07/06 17:25:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugins
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/13 22:18:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2010/07/21 14:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
    [2010/02/21 13:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/07/21 14:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/10/10 12:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions
    [2010/09/21 22:08:38 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
    [2010/08/18 14:00:16 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/02/03 19:23:15 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    [2010/09/21 22:08:38 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2010/09/01 21:30:18 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2010/08/18 14:00:16 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
    [2010/09/21 22:08:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/21 22:08:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2010/09/21 22:08:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/07/26 19:35:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/06/14 16:31:29 | 000,000,000 | ---D | M] (FlipClock) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
    [2010/08/18 14:00:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/06/15 19:10:21 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\chromifox@altmusictv.com
    [2010/06/15 19:10:28 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\firefox@facebook.com
    [2009/12/06 19:12:43 | 000,000,000 | ---D | M] (meebo) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\firefox@meebo.com
    [2010/09/22 20:06:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\foxmarks@kei.com
    [2010/06/15 19:10:28 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\googletube@googletube.com
    [2010/09/21 22:08:37 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\nasanightlaunch@example.com
    [2010/09/21 22:08:32 | 000,000,000 | ---D | M] (Office Black) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\Office2007Black@JBBS
    [2009/12/07 21:01:09 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\redshift_V2@shift-themes.com
    [2010/08/10 12:45:56 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2009/12/28 17:40:04 | 000,002,283 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\searchplugins\aol-search.xml
    [2010/12/23 17:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/17 18:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/29 15:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/23 17:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/23 17:51:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/07 17:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run] C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [Dyyno Launcher] C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe ()
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [sbitunesagent] C:\Users\Josh\My Documents\Songbird\songbirditunesagent.exe ()
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [Task Killer] C:\Program Files (x86)\Task Killer\TaskKiller.exe ()
    O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: New Application = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: steam = C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} http://68.39.100.29/DVROcxEx.cab (DVROcxEx Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Users\Josh\My Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll (Stardock)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
    Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/20 21:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    [2011/01/20 20:36:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/20 20:36:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/20 20:36:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/20 20:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/20 20:36:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/20 20:36:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/19 21:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
    [2011/01/19 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACE
    [2011/01/18 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\PMB Files
    [2011/01/18 15:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2011/01/18 15:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
    [2011/01/18 07:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
    [2011/01/17 23:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
    [2011/01/17 23:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
    [2011/01/16 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Chrome Themes
    [2011/01/16 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    [2011/01/12 11:54:00 | 000,000,000 | ---D | C] -- C:\opt
    [2011/01/11 14:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2011/01/08 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TS3Client
    [2011/01/08 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    [2011/01/08 19:55:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TeamSpeak 3 Client
    [2011/01/02 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TSVNCache
    [2011/01/01 19:42:34 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TortoiseSVN
    [2011/01/01 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Subversion
    [2011/01/01 19:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
    [2011/01/01 19:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
    [2011/01/01 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\My Games
    [2010/12/28 11:34:56 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Avira
    [2010/12/28 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2010/12/28 11:31:55 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/12/28 11:31:55 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/12/28 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/12/28 11:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/12/24 14:33:07 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Dyyno
    [2010/12/23 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/12/23 17:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/12/23 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Alpha Server Config
    [2010/09/09 20:42:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Josh\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    [2011/01/20 21:13:32 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/20 21:13:32 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/20 21:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/20 20:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000UA.job
    [2011/01/20 20:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000Core.job
    [2011/01/20 20:01:34 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/01/20 19:43:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/20 19:43:20 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/01/20 19:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/20 19:42:00 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/19 15:31:28 | 458,483,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/19 13:51:50 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/01/19 13:51:50 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/01/19 13:50:27 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011/01/19 13:00:19 | 000,001,838 | ---- | M] () -- C:\Users\Josh\Desktop\ACE LoL Client.lnk
    [2011/01/19 11:49:56 | 000,001,190 | ---- | M] () -- C:\Users\Josh\Desktop\lol.launcher - Shortcut.lnk
    [2011/01/18 17:19:01 | 000,784,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/18 17:19:01 | 000,663,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/18 17:19:01 | 000,122,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/18 15:33:01 | 000,001,252 | ---- | M] () -- C:\Users\Josh\Desktop\XSplit Broadcaster.lnk
    [2011/01/17 23:57:11 | 000,000,173 | ---- | M] () -- C:\Users\Josh\AppData\Local\msmathematics.qat.Josh
    [2011/01/17 15:27:40 | 000,013,659 | ---- | M] () -- C:\Users\Josh\Desktop\Roaming - Shortcut.lnk
    [2011/01/17 12:04:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/16 14:29:12 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
    [2011/01/12 11:41:11 | 000,001,095 | ---- | M] () -- C:\Users\Josh\Desktop\eclipse - Shortcut.lnk
    [2011/01/12 10:58:38 | 000,002,391 | ---- | M] () -- C:\Users\Josh\Desktop\Google Chrome.lnk
    [2011/01/11 15:07:10 | 000,000,890 | ---- | M] () -- C:\Users\Josh\Desktop\League of Legends - Shortcut.lnk
    [2011/01/08 19:55:21 | 000,001,203 | ---- | M] () -- C:\Users\Josh\Desktop\TeamSpeak 3 Client.lnk
    [2011/01/08 08:02:34 | 003,034,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/28 11:32:06 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/24 16:02:04 | 000,000,032 | ---- | M] () -- C:\Users\Josh\Documents\mineserver_201024.7z
    [2010/12/24 14:30:20 | 000,001,119 | ---- | M] () -- C:\Users\Josh\Desktop\Dyyno Broadcaster.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/20 20:36:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/20 20:36:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/20 20:36:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/20 20:36:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/20 20:36:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/20 20:01:29 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/01/19 11:49:56 | 000,001,190 | ---- | C] () -- C:\Users\Josh\Desktop\lol.launcher - Shortcut.lnk
    [2011/01/19 11:47:47 | 000,001,838 | ---- | C] () -- C:\Users\Josh\Desktop\ACE LoL Client.lnk
    [2011/01/18 15:33:01 | 000,001,252 | ---- | C] () -- C:\Users\Josh\Desktop\XSplit Broadcaster.lnk
    [2011/01/17 23:57:11 | 000,000,173 | ---- | C] () -- C:\Users\Josh\AppData\Local\msmathematics.qat.Josh
    [2011/01/17 15:27:40 | 000,013,659 | ---- | C] () -- C:\Users\Josh\Desktop\Roaming - Shortcut.lnk
    [2011/01/16 14:29:12 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
    [2011/01/12 11:41:11 | 000,001,095 | ---- | C] () -- C:\Users\Josh\Desktop\eclipse - Shortcut.lnk
    [2011/01/11 15:07:10 | 000,000,890 | ---- | C] () -- C:\Users\Josh\Desktop\League of Legends - Shortcut.lnk
    [2011/01/08 19:55:21 | 000,001,203 | ---- | C] () -- C:\Users\Josh\Desktop\TeamSpeak 3 Client.lnk
    [2010/12/28 11:32:06 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/24 16:01:54 | 000,000,032 | ---- | C] () -- C:\Users\Josh\Documents\mineserver_201024.7z
    [2010/10/07 21:07:06 | 000,778,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/09 20:43:32 | 000,000,033 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.log
    [2010/09/09 20:42:57 | 000,007,859 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.cat
    [2010/09/09 20:42:57 | 000,001,167 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.inf
    [2010/08/11 20:37:22 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
    [2010/07/13 17:01:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/03/08 15:13:58 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/28 20:31:26 | 000,000,279 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/12/18 22:36:21 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/12/18 22:36:21 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/12/10 17:26:04 | 000,003,584 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/28 10:46:42 | 000,007,597 | ---- | C] () -- C:\Users\Josh\AppData\Local\resmon.resmoncfg
    [2009/11/24 17:29:17 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2009/11/22 12:22:33 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2009/11/19 21:50:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/17 15:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2009/08/28 13:13:46 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\PlayerDll.dll
    [2009/08/28 13:13:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\DVRConfig.dll
    [2009/08/28 13:13:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ResourceDll.dll
    [2009/08/20 09:36:54 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\DVRTH264.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

    ========== LOP Check ==========
  21. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    continued:


    [2011/01/20 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox
    [2010/10/21 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Stardock
    [2011/01/03 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Subversion
    [2011/01/17 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\.minecraft
    [2010/07/29 09:39:51 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Atari
    [2010/01/12 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\CocoonSoftware
    [2010/07/29 09:39:26 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Net
    [2010/02/14 19:45:35 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Deusty
    [2010/02/21 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Doomi.809F847005C7832B69625A614BB25CA209244440.1
    [2010/11/02 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Dropbox
    [2009/11/24 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FirstClass
    [2010/07/30 16:22:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GlarySoft
    [2010/12/02 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\HLSW
    [2010/09/11 19:32:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ImgBurn
    [2010/10/12 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\IObit
    [2010/07/29 09:53:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Leadertech
    [2010/10/09 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\leafChat
    [2010/06/22 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LolClient
    [2010/10/22 13:50:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mobile Action
    [2010/09/10 14:21:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\MoveFab
    [2010/07/26 09:25:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mp3tag
    [2011/01/20 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mumble
    [2010/06/14 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\oovooinstaller
    [2010/03/11 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Opera
    [2010/10/22 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Rainmeter
    [2010/10/06 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Softpark
    [2010/08/14 21:53:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Songbird2
    [2010/06/14 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Stardock
    [2011/01/01 19:41:04 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Subversion
    [2010/01/24 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SystemRequirementsLab
    [2010/12/14 17:33:59 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeamViewer
    [2010/09/11 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeraCopy
    [2010/02/21 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Thunderbird
    [2011/01/18 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TS3Client
    [2011/01/20 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
    [2010/12/02 18:10:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Vso
    [2010/07/29 18:09:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WindSolutions
    [2010/02/22 15:10:31 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Thunderbird
    [2011/01/20 19:43:20 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2011/01/03 15:54:26 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/20 20:46:59 | 000,027,807 | ---- | M] () -- C:\ComboFix.txt
    [2009/11/17 15:41:38 | 000,000,197 | ---- | M] () -- C:\csb.log
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/01/20 19:42:00 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/19 19:40:04 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2009/11/17 15:40:37 | 000,000,190 | ---- | M] () -- C:\Install.log
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/01/20 19:42:10 | 1895,825,406 | -HS- | M] () -- C:\pagefile.sys
    [2009/11/17 15:38:33 | 000,001,944 | ---- | M] () -- C:\RHDSetup.log
    [2011/01/20 21:23:42 | 000,054,040 | ---- | M] () -- C:\service.log
    [2011/01/20 20:14:13 | 000,062,196 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_20.01.2011_20.13.24_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/17 15:33:34 | 000,000,221 | -HS- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/07/21 16:02:56 | 000,812,544 | ---- | M] (Big Bang enterprises) -- C:\Users\Josh\Desktop\DoubleKiller.exe
    [2009/12/19 15:42:30 | 002,170,856 | ---- | M] (CPUID) -- C:\Users\Josh\Desktop\Hardware Namer.exe
    [2010/10/13 14:28:50 | 000,525,824 | ---- | M] () -- C:\Users\Josh\Desktop\MCLawl.exe
    [2010/10/10 13:04:00 | 000,232,501 | ---- | M] () -- C:\Users\Josh\Desktop\Minecraft.exe
    [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    [2010/06/14 19:15:39 | 000,791,256 | ---- | M] () -- C:\Users\Josh\Desktop\Universal-USB-Installer-v1.6.4.exe
    [2010/08/30 16:41:56 | 000,077,824 | ---- | M] (Lexar Media) -- C:\Users\Josh\Desktop\USB fixer.exe
    [2010/07/13 17:24:56 | 002,668,544 | ---- | M] () -- C:\Users\Josh\Desktop\VirtualDub.exe
    [2010/06/14 19:22:51 | 001,469,477 | ---- | M] () -- C:\Users\Josh\Desktop\wubi.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/02/21 13:08:20 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/02/21 13:08:20 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/02/21 13:08:20 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 09:10:44 | 000,000,402 | -HS- | M] () -- C:\Users\Josh\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/03/08 15:13:58 | 000,000,139 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE

    < End of report >
  22. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    Extras


    OTL Extras logfile created on: 1/20/2011 9:20:31 PM - Run 1
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Josh\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
    18.00 Gb Paging File | 15.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 10000 100000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 157.98 Gb Free Space | 33.93% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 550.00 Gb Total Space | 0.02 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
    Drive G: | 46.17 Gb Total Space | 40.59 Gb Free Space | 87.91% Space Free | Partition Type: NTFS
    Drive H: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: LEIBFAM | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{390239C9-8AB0-4E81-9E74-2020988D5582}" = MySQL Server 5.1
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{CC95E3FF-822B-47CD-9B4D-C89536615461}" = Oracle VM VirtualBox 3.2.8
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "CCleaner" = CCleaner
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money 2003
    "{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money 2003 System Pack
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0730.1
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A824A87-5353-4964-8935-AF3CB72D9DEC}" = XSplit
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{EDE1736D-94BA-0200-0000-000000000000}" = Android Manager WiFi
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F744201B-8229-4FBF-AF10-13BAFD02AF7C}" = STORM
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "ACE LoL Client" = League of Legends - ACE Client by Matricus
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dyyno Broadcaster" = Dyyno Broadcaster
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fences" = Fences
    "FLAC" = FLAC 1.2.1b (remove only)
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Freemake Video Converter_is1" = Freemake Video Converter version 1.3.0
    "Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.1
    "Game Booster_is1" = Game Booster
    "Glary Utilities_is1" = Glary Utilities 2.17.0.776
    "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
    "ImgBurn" = ImgBurn
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "Mp3tag" = Mp3tag v2.47b
    "Mumble" = Mumble and Murmur
    "OCCT_is1" = OCCT Perestroika 3.1.0
    "OpenAL" = OpenAL
    "Orb" = Winamp Remote
    "Precision" = EVGA Precision 1.8.0
    "PunkBusterSvc" = PunkBuster Services
    "Rainmeter" = Rainmeter (remove only)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Songbird-release-1700" = Songbird 1.7.3 (Build 1700)
    "SpeedFan" = SpeedFan (remove only)
    "StarCraft II" = StarCraft II
    "Steam App 10090" = Call of Duty: World at War
    "Steam App 1510" = Uplink
    "Steam App 240" = Counter-Strike: Source
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 260" = Counter-Strike: Source Beta
    "Steam App 31280" = Poker Night at the Inventory
    "Steam App 4000" = Garry's Mod
    "Steam App 40100" = Supreme Commander 2
    "Steam App 440" = Team Fortress 2
    "Steam App 48160" = Tom Clancy's H.A.W.X. 2
    "Steam App 520" = Team Fortress 2 Beta
    "Steam App 550" = Left 4 Dead 2
    "Steam App 58300" = System Protocol One
    "Steam App 70100" = Hacker Evolution
    "SystemRequirementsLab" = System Requirements Lab
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "Winamp" = Winamp
    "Winamp5MLImpex" = Winamp 5 Media Liabrary Import/Export (remove only)
    "WinLiveSuite" = Windows Live Essentials
    "Wubi" = Ubuntu
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "QUICKMEDIACONVERTER" = QMC
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2009/11/19 21:50:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  24. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\ProgramData\ezsidmv.dat moved successfully.
    ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Josh
    ->Temp folder emptied: 26093624 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 52858768 bytes
    ->Flash cache emptied: 2897 bytes

    User: Louis
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Vikki
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 9199738 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Andi
    ->Flash cache emptied: 0 bytes

    User: AppData

    User: Default

    User: Default User

    User: Josh
    ->Flash cache emptied: 0 bytes

    User: Louis
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Vikki
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.3 log created on 01202011_215759

    Files\Folders moved on Reboot...
    File move failed. C:\Users\Josh\AppData\Local\Temp\BITCB7D.tmp scheduled to be moved on reboot.
    C:\Users\Josh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  25. monkeychef23

    monkeychef23 TechSpot Member Topic Starter Posts: 88

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (4.0b1.) Firefox Out of Date!
    Mozilla Thunderbird (3.1.7)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Josh Documents School Virus Info\SecurityCheck.exe
    ``````````End of Log````````````