TechSpot

Windows 7 explorer crashing/restarting

Solved
By tovette
Oct 20, 2010
  1. I've recently run into an issue where upon startup I get a Windows Explorer error saying that Explorer has stopped working; it then refreshes and 10 seconds later does it all over again, in an endless loop. In some cases Explorer crashes altogether, system tray and all.

    I've run Malwarebytes, SUPERAntiSpyware, as well as AVG scans and I've come up with issues to delete, but after restarting, the Explorer issue is still present.

    I restarted in safe mode and Explorer worked fine. I also went into my configsys and removed all startup applications and that didn't work either.

    My event viewer has labeled the error as this:

    Log Name: Application
    Source: Application Error
    Date: 10/20/2010 12:34:50 AM
    Event ID: 1000
    Task Category: (100)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: Nate-PC
    Description:
    Faulting application name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aebab8d
    Faulting module name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aebab8d
    Exception code: 0xc000041d
    Fault offset: 0x000000000002cc2b
    Faulting process id: 0x1500
    Faulting application start time: 0x01cb70293e35daf0
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\Explorer.EXE
    Report Id: 84ec9b50-dc1c-11df-82f4-001ec94ec4ca
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-10-20T07:34:50.000000000Z" />
    <EventRecordID>6879</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Nate-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>Explorer.EXE</Data>
    <Data>6.1.7600.16450</Data>
    <Data>4aebab8d</Data>
    <Data>Explorer.EXE</Data>
    <Data>6.1.7600.16450</Data>
    <Data>4aebab8d</Data>
    <Data>c000041d</Data>
    <Data>000000000002cc2b</Data>
    <Data>1500</Data>
    <Data>01cb70293e35daf0</Data>
    <Data>C:\Windows\Explorer.EXE</Data>
    <Data>C:\Windows\Explorer.EXE</Data>
    <Data>84ec9b50-dc1c-11df-82f4-001ec94ec4ca</Data>
    </EventData>
    </Event>

    Anyone have any suggestions?? I've exhausted everything I know so I'm stumped... :\
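
Added example (not part of the original post or of any tool used in this thread): a small parser for the Application Error event 1000 XML pasted above. It names the positional `<Data>` values using the order of the Description text, decodes the FILETIME start time and the image time stamp, and reports how long the process lived before the fault. The field names, the `parse_app_crash` helper and the two-entry NTSTATUS table are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Positional meaning of the unnamed <Data> values, read off the Description
# text in the post (assumed layout; other Windows builds may differ).
FIELDS = ["app_name", "app_version", "app_timestamp", "module_name",
          "module_version", "module_timestamp", "exception_code",
          "fault_offset", "pid", "app_start_time", "app_path",
          "module_path", "report_id"]

# Two well-known NTSTATUS values; anything else is reported as "unknown".
NTSTATUS = {0xC000041D: "STATUS_FATAL_USER_CALLBACK_EXCEPTION",
            0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Event XML copied from the post above.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-10-20T07:34:50.000000000Z" />
<EventRecordID>6879</EventRecordID>
<Channel>Application</Channel>
<Computer>Nate-PC</Computer>
<Security />
</System>
<EventData>
<Data>Explorer.EXE</Data>
<Data>6.1.7600.16450</Data>
<Data>4aebab8d</Data>
<Data>Explorer.EXE</Data>
<Data>6.1.7600.16450</Data>
<Data>4aebab8d</Data>
<Data>c000041d</Data>
<Data>000000000002cc2b</Data>
<Data>1500</Data>
<Data>01cb70293e35daf0</Data>
<Data>C:\\Windows\\Explorer.EXE</Data>
<Data>C:\\Windows\\Explorer.EXE</Data>
<Data>84ec9b50-dc1c-11df-82f4-001ec94ec4ca</Data>
</EventData>
</Event>"""


def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=ft // 10)


def parse_app_crash(xml_text):
    """Return a triage summary for one Application Error (ID 1000) event."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if event_id != "1000" or len(data) != len(FIELDS):
        raise ValueError("not an Application Error 1000 event in the expected layout")
    rec = dict(zip(FIELDS, data))

    # SystemTime carries nine fractional digits; whole seconds are enough here.
    logged = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    logged_at = datetime.strptime(logged[:19], "%Y-%m-%dT%H:%M:%S")
    logged_at = logged_at.replace(tzinfo=timezone.utc)

    started_at = filetime_to_utc(int(rec["app_start_time"], 16))
    code = int(rec["exception_code"], 16)
    return {
        "process": rec["app_name"],
        "pid": int(rec["pid"], 16),
        "exception_code": code,
        "exception_name": NTSTATUS.get(code, "unknown"),
        "fault_offset": int(rec["fault_offset"], 16),
        # True when the faulting module is the executable image itself
        "fault_in_own_image": rec["module_path"].lower() == rec["app_path"].lower(),
        # The image time stamp is seconds since the Unix epoch
        "image_built": datetime.fromtimestamp(int(rec["app_timestamp"], 16), timezone.utc),
        "started_at": started_at,
        "logged_at": logged_at,
        "seconds_alive": (logged_at - started_at).total_seconds(),
    }


if __name__ == "__main__":
    for key, value in parse_app_crash(EVENT_XML).items():
        print(f"{key:20} {value}")
```

For this event the process start time decodes to 07:34:34 UTC, about 15 seconds before the fault was logged, which lines up with the restart loop described in the post.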
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  3. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Here are my log results from the 8 steps...
    --------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4897

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/20/2010 8:06:50 PM
    mbam-log-2010-10-20 (20-06-50).txt

    Scan type: Quick scan
    Objects scanned: 137659
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ------------------


    DDS (Ver_10-10-10.03) - NTFS_AMD64
    Run by Nate at 20:11:41.07 on Wed 10/20/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6141.4076 [GMT -7:00]

    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    E:\Program Files\MozyHome\mozybackup.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    E:\Program Files\MozyHome\mozybackup.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\explorer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Users\Nate\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    LSP: C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    AppInit_DLLs-X64: avgrssta.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Nate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSwa.sys [2010-4-30 27216]
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-4-30 56008]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-4-30 29976]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-4-30 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-4-30 35536]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-4-30 317520]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-5-1 921952]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-5-1 308136]
    R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-5-1 2331544]
    R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-5-1 5897808]
    R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-30 20968]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-4-30 4510504]
    R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-4-30 132688]
    R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-4-30 35920]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-6-26 430152]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
    S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-1 1255736]

    =============== Created Last 30 ================

    2010-10-20 06:56:51 6637392 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-20 06:56:49 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{985C89A0-68EC-45CC-9063-36851EC7EC35}\mpengine.dll
    2010-10-20 06:42:34 -------- d-----w- C:\Windows\pss
    2010-10-20 05:52:05 -------- d-----w- C:\Users\Nate\AppData\Roaming\SUPERAntiSpyware.com
    2010-10-20 05:52:05 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-10-20 05:52:00 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-10-20 05:51:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-10-20 03:28:32 -------- d-----w- C:\PROGRA~3\F-Secure
    2010-10-13 07:36:12 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
    2010-09-29 10:00:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-09-29 06:27:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-09-29 06:27:36 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-09-29 06:27:31 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-09-29 06:27:31 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-09-25 17:16:06 -------- d-----w- C:\Program Files\iTunes
    2010-09-25 17:16:06 -------- d-----w- C:\Program Files\iPod
    2010-09-25 17:14:51 -------- d-----w- C:\Program Files\Bonjour

    ==================== Find3M ====================

    2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-05 03:13:49 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2010-08-05 03:13:49 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
    2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

    ============= FINISH: 20:12:06.27 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/30/2010 5:30:26 AM
    System Uptime: 10/20/2010 8:00:35 PM (0 hours ago)

    Motherboard: Dell Inc | | 0PP150
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3006/1333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 596 GiB total, 435.982 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 475.716 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 253.401 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 932 GiB total, 155.319 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP83: 10/19/2010 1:44:06 AM - Scheduled Checkpoint
    RP84: 10/19/2010 11:56:34 PM - Windows Update

    ==== Installed Programs ======================

    Acrobat.com
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.3.4
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AhaView
    Alien Swarm
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Software Update
    AVG 9.0
    Camtasia Studio 7
    Crysis Warhead
    DiRT 2
    DVDSmith Movie Backup 1.0.5
    EVE Online (remove only)
    F.E.A.R. 2: Project Origin
    Facebook Plug-In
    Flotilla
    FontCreator 5.6
    Handbrake 0.9.4
    HMA! Pro VPN 2.4.1
    Impulse
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    JDownloader
    Karen's Replicator
    Left 4 Dead 2
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.11)
    MSVCRT
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    OpenOffice.org 3.0
    PDF Settings
    Pen Tablet
    PunkBuster Services
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Resident Evil 5
    Revo Uninstaller 1.89
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Sins of a Solar Empire
    SmartFTP Client Setup Files 3.0 (x64) (remove only)
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    Sony Media Manager 2.2
    Sony Vegas 7.0
    Star Trek Online
    StarCraft II
    Steam
    The Chronicles of Riddick: Assault on Dark Athena
    Torchlight
    Vector Magic
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 0.9.9
    Vuze
    Vuze Remote Toolbar
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    World of Warcraft

    ==== Event Viewer Messages From Past Week ========

    10/20/2010 7:58:36 PM, Error: Service Control Manager [7034] - The AVG9IDSAgent service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 7:43:51 PM, Error: Microsoft-Windows-HttpEvent [15011] - Unable to create the error log file. Make sure that the error logging directory is correct.
    10/20/2010 2:34:44 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TEMPLEMINI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{712CAB92-F5A4-4346-B36C-FF1BC022A2D3}. The master browser is stopping or an election is being forced.
    10/20/2010 12:31:07 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
    10/19/2010 8:32:29 PM, Error: Application Popup [1060] - \??\C:\Users\Nate\AppData\Local\Temp\OnlineScanner\Anti-Virus\f has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    10/19/2010 10:33:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2010 10:33:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2010 10:33:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/19/2010 10:33:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/19/2010 10:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/19/2010 10:33:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/19/2010 10:33:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache mozyFilter spldr Wanarpv6
    10/18/2010 3:24:26 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    10/15/2010 3:08:44 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PC110204927262 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{712CAB92-F5A4-4346-B36C-FF1BC022A2D3}. The master browser is stopping or an election is being forced.
    10/13/2010 3:48:44 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    So far I don't see anything suspicious, but let's keep checking...

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in the upper right corner.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  5. tovette

    tovette TS Rookie Topic Starter Posts: 22

    I did the DrWeb scan but the complete scan took 16 hours (4Tb hdd) and the log file I got is 370Mb, so I don't know how I'm supposed to post that...

    Here is the MBRCheck log though...
    -----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc
    System Product Name: XPS 630i
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 214):
    -----
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    That would be tough to even upload somewhere.
    Did it find anything?

    MBRCheck log is incomplete. Please redo.
     
  7. tovette

    tovette TS Rookie Topic Starter Posts: 22

    I'm not sure what to look for in the DrWeb log file..

    Here is the MBRCheck log...

    -----
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc
    System Product Name: XPS 630i
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 216):

    Processes (total 112):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    364 csrss.exe
    432 C:\Windows\System32\wininit.exe
    448 csrss.exe
    456 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    464 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    544 C:\Windows\System32\services.exe
    556 C:\Windows\System32\lsass.exe
    564 C:\Windows\System32\lsm.exe
    616 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    816 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    240 C:\Windows\System32\nvvsvc.exe
    376 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\audiodg.exe
    1248 C:\Windows\System32\svchost.exe
    1532 C:\Windows\System32\nvvsvc.exe
    1540 C:\Windows\System32\wisptis.exe
    1628 WUDFHost.exe
    1676 WUDFHost.exe
    1724 WUDFHost.exe
    1764 C:\Windows\System32\svchost.exe
    1920 C:\Windows\System32\spoolsv.exe
    1952 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    1344 C:\Windows\System32\svchost.exe
    1564 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2008 C:\Users\Nate\AppData\Local\Temp\AMPing.exe
    2088 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2112 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    2168 C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    2196 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2256 E:\Program Files\MozyHome\mozybackup.exe
    2324 C:\Windows\SysWOW64\PnkBstrA.exe
    2344 C:\Windows\SysWOW64\PnkBstrB.exe
    2376 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2456 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2480 E:\Program Files\MozyHome\mozybackup.exe
    2664 C:\Windows\System32\svchost.exe
    2688 C:\Windows\System32\Pen_Tablet.exe
    2744 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3032 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3092 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    3112 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    3308 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    3536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3824 C:\Windows\System32\SearchIndexer.exe
    3936 C:\Windows\System32\taskhost.exe
    4020 E:\Program Files\MozyHome\mozybackup.exe
    3632 WUDFHost.exe
    3640 C:\Windows\System32\wisptis.exe
    3744 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    3768 C:\Windows\System32\svchost.exe
    4100 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    4116 C:\Windows\System32\taskeng.exe
    4148 C:\Windows\System32\dwm.exe
    4312 C:\Windows\System32\rundll32.exe
    4560 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    4688 C:\Windows\System32\Pen_Tablet.exe
    4304 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    4912 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    4920 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    4928 C:\Program Files\Windows Sidebar\sidebar.exe
    5080 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    5104 E:\Program Files\MozyHome\mozystat.exe
    4132 C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
    4628 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4636 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    4660 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    4764 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    4888 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    3060 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    2012 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    1380 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
    1460 C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    1048 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
    1100 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
    5232 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    4712 C:\Windows\System32\conhost.exe
    5740 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    5996 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    1488 C:\Program Files\iPod\bin\iPodService.exe
    5392 C:\Windows\System32\svchost.exe
    5676 C:\Program Files (x86)\iTunes\iTunes.exe
    5796 C:\Program Files\Windows Media Player\wmpnetwk.exe
    6204 C:\Windows\System32\svchost.exe
    6352 taskhost.exe
    6848 WmiPrvSE.exe
    6444 C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    1716 dllhost.exe
    5692 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    6976 C:\Windows\System32\conhost.exe
    4512 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    2728 C:\Windows\System32\conhost.exe
    6988 C:\Windows\servicing\TrustedInstaller.exe
    5616 C:\Windows\System32\sppsvc.exe
    4268 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    6944 C:\Windows\System32\svchost.exe
    5804 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1124 C:\Windows\System32\wbem\WMIADAP.exe
    5472 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    196 C:\Users\Nate\Desktop\MBRCheck.exe
    3244 C:\Windows\System32\conhost.exe
    3252 C:\Windows\System32\SearchProtocolHost.exe
    7036 C:\Windows\System32\SearchFilterHost.exe
    4288 C:\Windows\explorer.exe
    4208 C:\Windows\System32\dllhost.exe
    2816 C:\Windows\System32\SearchProtocolHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
    \\.\K: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-75A7B, Rev: 01.0
    PhysicalDrive1 Model Number: WDC WD10EACS-00D6B0, Rev: 01.0
    PhysicalDrive2 Model Number: WDC WD5000AACS-00ZUB, Rev: 01.0
    PhysicalDrive7 Model Number: WDC WD10EACS-00D6B0, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
    931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
    465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
    931 GB \\.\PhysicalDrive7 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    You may try to upload DrWeb file to one of these places:
    http://www.filesavr.com/
    http://www.filedropper.com/
    It'll take a while, so leave it overnight.
    Post download link for me.

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
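
Added example, not part of the original posts and not MBRCheck's own code: a Python parser for the "Size Device Name MBR Status" table in a saved MBRCheck report, which rejects a report that stops before that table and compares the report taken before the repair with the one taken afterwards. The table layout and the BEFORE values are copied from the report in this thread; the AFTER and TRUNCATED samples, the placeholder status text and the placeholder hash are constructed, and all function names are hypothetical.

```python
import re

# One row of the MBR status table, e.g.
#   596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
DRIVE_RE = re.compile(
    r"^\s*(?P<size>\d+\s+[KMGT]B)\s+"
    r"(?P<device>\\\\\.\\PhysicalDrive\d+)\s+"
    r"(?P<status>.+?)\s*$"
)
# The line that follows each row: SHA1: <40 hex digits>
SHA1_RE = re.compile(r"^\s*SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


def parse_mbr_table(report):
    """Return one dict per physical drive: device, size, status, sha1."""
    entries, current = [], None
    for line in report.splitlines():
        row = DRIVE_RE.match(line)
        if row:
            current = {"device": row["device"], "size": row["size"],
                       "status": row["status"], "sha1": None}
            entries.append(current)
            continue
        digest = SHA1_RE.match(line)
        if digest and current is not None and current["sha1"] is None:
            current["sha1"] = digest["sha1"].upper()
    return entries


def is_complete(report):
    """A usable report has at least one drive row, each with its SHA1."""
    entries = parse_mbr_table(report)
    return bool(entries) and all(e["sha1"] for e in entries)


def group_by_sha1(entries):
    """Map each MBR-code hash to the drives that carry it."""
    groups = {}
    for e in entries:
        groups.setdefault(e["sha1"], []).append(e["device"])
    return groups


def diff_reports(before, after):
    """Per drive: (old status, new status, hash changed), or None if the
    drive is absent from the second report. Unchanged drives are omitted."""
    old = {e["device"]: e for e in parse_mbr_table(before)}
    new = {e["device"]: e for e in parse_mbr_table(after)}
    changes = {}
    for device, b in old.items():
        a = new.get(device)
        if a is None:
            changes[device] = None
        elif (a["status"], a["sha1"]) != (b["status"], b["sha1"]):
            changes[device] = (b["status"], a["status"], a["sha1"] != b["sha1"])
    return changes


# Excerpt of the report posted in this thread (table section only).
BEFORE = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-75A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
931 GB \\.\PhysicalDrive7 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6

Found non-standard or infected MBR.
"""

# Constructed: status text and hash for drive 0 are placeholders, and
# drive 7 is left out to show how a missing drive is reported.
AFTER = r"""
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: EXAMPLE status after repair (constructed)
SHA1: <PLACEHOLDER>
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
""".replace("<PLACEHOLDER>", "A" * 40)

# Constructed: a report that stops inside the driver list, before the table.
TRUNCATED = r"""
Kernel Drivers (total 214):
0x0FEED000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10B7F000
"""

if __name__ == "__main__":
    print("truncated report complete?", is_complete(TRUNCATED))
    for sha1, drives in group_by_sha1(parse_mbr_table(BEFORE)).items():
        print(sha1, "->", ", ".join(drives))
    for device, change in diff_reports(BEFORE, AFTER).items():
        print(device, "->", change)
```

Grouping by hash shows at a glance whether every drive reports the same MBR code, and the diff lists only the drives whose status or hash changed between two runs.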
     
  9. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Will a blank DVD work instead of a CD?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I'm not sure.
    All you can do is to try.
     
  11. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Still working on the DrWeb log upload.
    Here's the new MBRCheck log
    ---

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc
    System Product Name: XPS 630i
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 214):
    0x042DC000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
    0x04340000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04350000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x04353000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0436C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04375000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
    0x04377000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0438D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x043B1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x043BD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0421B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x041CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x043EC000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x041E5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x041F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04802000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x056B9000 \SystemRoot\system32\DRIVERS\ks.sys
    0x056FC000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x05700000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05712000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0576C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05779000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0x05781000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0578F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05AFE000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05D5A000 \SystemRoot\system32\drivers\portcls.sys
    0x05D97000 \SystemRoot\system32\drivers\drmk.sys
    0x05DB9000 \SystemRoot\system32\drivers\ksthunk.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x05DBF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05DCB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00560000 \SystemRoot\System32\TSDDD.dll
    0x05DD9000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05DE7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x00640000 \SystemRoot\System32\cdd.dll
    0x00890000 \SystemRoot\System32\ATMFD.DLL
    0x05A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05A1D000 \SystemRoot\system32\drivers\LVUSBS64.sys
    0x05A28000 \SystemRoot\system32\drivers\usbaudio.sys
    0x05A43000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05A5E000 \SystemRoot\system32\drivers\luafv.sys
    0x05A81000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05AA2000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x05ABF000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05ACD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x057B1000 \SystemRoot\System32\Drivers\dump_nvstor.sys
    0x05AD7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05600000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x05DE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05631000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x05AEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x05684000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0569C000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
    0x03E3C000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
    0x06C88000 \SystemRoot\system32\drivers\HTTP.sys
    0x06D50000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x06D6E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x06D86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x06C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x06C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06C71000 \??\C:\Windows\system32\drivers\cpuz133_x64.sys
    0x07423000 \SystemRoot\system32\drivers\peauth.sys
    0x074C9000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x074D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07501000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07513000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07835000 \SystemRoot\System32\DRIVERS\srv.sys
    0x078CB000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
    0x078D4000 \SystemRoot\System32\Drivers\LGPBTDD.sys
    0x078DF000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x078F0000 \SystemRoot\System32\Drivers\usbaapl64.sys
    0x07901000 \SystemRoot\system32\DRIVERS\WinUsb.sys
    0x07912000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77680000 \Windows\System32\ntdll.dll
    0x47BB0000 \Windows\System32\smss.exe
    0xFF9A0000 \Windows\System32\apisetschema.dll
    0xFF260000 \Windows\System32\autochk.exe
    0xFF860000 \Windows\System32\rpcrt4.dll
    0x77560000 \Windows\System32\kernel32.dll
    0x77460000 \Windows\System32\user32.dll
    0xFF7C0000 \Windows\System32\msvcrt.dll
    0xFF720000 \Windows\System32\comdlg32.dll
    0xFF610000 \Windows\System32\msctf.dll
    0xFF590000 \Windows\System32\difxapi.dll
    0xFF580000 \Windows\System32\lpk.dll
    0x77850000 \Windows\System32\psapi.dll
    0xFE7F0000 \Windows\System32\shell32.dll
    0xFE7D0000 \Windows\System32\imagehlp.dll
    0xFE730000 \Windows\System32\clbcatq.dll
    0xFE600000 \Windows\System32\wininet.dll
    0xFE420000 \Windows\System32\setupapi.dll
    0x77840000 \Windows\System32\normaliz.dll
    0xFE3D0000 \Windows\System32\ws2_32.dll
    0xFE300000 \Windows\System32\usp10.dll
    0xFE2E0000 \Windows\System32\sechost.dll
    0xFE200000 \Windows\System32\oleaut32.dll
    0xFE1F0000 \Windows\System32\nsi.dll
    0xFDF90000 \Windows\System32\iertutil.dll
    0xFDEB0000 \Windows\System32\advapi32.dll
    0xFDE40000 \Windows\System32\gdi32.dll
    0xFDDC0000 \Windows\System32\shlwapi.dll
    0xFDD70000 \Windows\System32\Wldap32.dll
    0xFDB60000 \Windows\System32\ole32.dll
    0xFDB30000 \Windows\System32\imm32.dll
    0xFD9B0000 \Windows\System32\urlmon.dll
    0xFD990000 \Windows\System32\devobj.dll
    0xFD8F0000 \Windows\System32\comctl32.dll
    0xFD8B0000 \Windows\System32\wintrust.dll
    0xFD740000 \Windows\System32\crypt32.dll
    0xFD700000 \Windows\System32\cfgmgr32.dll
    0xFD690000 \Windows\System32\KernelBase.dll
    0xFD680000 \Windows\System32\msasn1.dll
    0x75A10000 \Windows\SysWOW64\normaliz.dll

    Processes (total 107):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    404 csrss.exe
    464 C:\Windows\System32\wininit.exe
    476 csrss.exe
    484 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    492 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    556 C:\Windows\System32\services.exe
    572 C:\Windows\System32\lsass.exe
    580 C:\Windows\System32\lsm.exe
    672 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    720 C:\Windows\System32\winlogon.exe
    1004 C:\Windows\System32\svchost.exe
    328 C:\Windows\System32\nvvsvc.exe
    316 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1284 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\wisptis.exe
    1420 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1548 WUDFHost.exe
    1596 C:\Windows\System32\nvvsvc.exe
    1688 WUDFHost.exe
    1752 C:\Windows\System32\svchost.exe
    1876 C:\Windows\System32\spoolsv.exe
    1904 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2044 C:\Windows\System32\svchost.exe
    1520 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1948 C:\Users\Nate\AppData\Local\Temp\AMPing.exe
    1116 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2028 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    2092 C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    2116 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2196 E:\Program Files\MozyHome\mozybackup.exe
    2356 C:\Windows\SysWOW64\PnkBstrA.exe
    2384 C:\Windows\SysWOW64\PnkBstrB.exe
    2456 E:\Program Files\MozyHome\mozybackup.exe
    2496 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2564 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2604 C:\Windows\System32\svchost.exe
    2636 C:\Windows\System32\Pen_Tablet.exe
    2688 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2992 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3028 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    3056 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    3304 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    3516 C:\Windows\System32\SearchIndexer.exe
    3736 C:\Windows\System32\svchost.exe
    3784 WUDFHost.exe
    3212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3932 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    3952 WUDFHost.exe
    4296 E:\Program Files\MozyHome\mozybackup.exe
    4344 C:\Windows\System32\taskeng.exe
    4368 C:\Windows\System32\wisptis.exe
    4376 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    4388 C:\Windows\System32\dwm.exe
    4396 C:\Windows\System32\taskhost.exe
    4548 C:\Windows\explorer.exe
    4596 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    4860 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    4868 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    4876 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    4884 C:\Program Files\Windows Sidebar\sidebar.exe
    4908 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    4984 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    5068 E:\Program Files\MozyHome\mozystat.exe
    5088 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    5096 C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
    4120 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    4128 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    4108 C:\Windows\System32\Pen_Tablet.exe
    4260 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    3172 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    2336 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    4812 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    4200 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
    5036 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    5064 C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    3228 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
    5016 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
    5568 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    5680 C:\Windows\System32\conhost.exe
    5804 C:\Program Files\iPod\bin\iPodService.exe
    6020 C:\Program Files (x86)\iTunes\iTunes.exe
    3836 C:\Program Files\Windows Media Player\wmpnetwk.exe
    6044 C:\Windows\System32\svchost.exe
    3020 C:\Windows\System32\svchost.exe
    5852 WmiPrvSE.exe
    6504 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    6824 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    6964 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    7004 C:\Windows\System32\conhost.exe
    6768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    6788 C:\Windows\System32\conhost.exe
    6572 taskhost.exe
    192 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    6612 C:\Windows\System32\conhost.exe
    6700 dllhost.exe
    3704 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5528 C:\Users\Nate\Desktop\MBRCheck.exe
    5836 C:\Windows\System32\conhost.exe
    3684 C:\Windows\System32\dllhost.exe
    1172 C:\Windows\System32\sppsvc.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-75A7B, Rev: 01.0
    PhysicalDrive1 Model Number: WDC WD10EACS-00D6B0, Rev: 01.0
    PhysicalDrive2 Model Number: WDC WD5000AACS-00ZUB, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
    465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    It looks good now :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Here is the OTL.txt log
    ---

    OTL logfile created on: 10/21/2010 10:29:27 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
    Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/21 22:28:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\My Documents\Saves\OTL.exe
    PRC - [2010/10/20 00:26:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/20 00:26:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/09/29 09:36:21 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/09/24 02:10:48 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
    PRC - [2010/09/20 09:13:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    PRC - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/31 21:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/08/13 13:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    PRC - [2010/08/04 20:13:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/07/20 09:45:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    PRC - [2010/06/26 20:20:43 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2010/06/26 20:20:37 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/06/26 01:50:47 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/06/26 01:50:47 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/26 01:50:46 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
    PRC - [2010/06/26 01:50:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/26 01:50:22 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
    PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
    PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    PRC - [2008/04/14 12:13:34 | 001,017,328 | ---- | M] (Karen Kenworthy) -- C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/21 22:28:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\My Documents\Saves\OTL.exe
    MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/08/04 20:14:16 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/04 20:13:49 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
    MOD - [2010/08/04 20:13:49 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/05/01 15:37:30 | 004,510,504 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2010/09/20 09:13:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
    SRV - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/20 09:45:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/09 12:51:00 | 000,028,480 | R--- | M] (Automated Programming Technologies, Inc.) [Auto | Running] -- C:\Users\Nate\AppData\Local\Temp\AMPing.exe -- (AMPingService)
    SRV - [2010/06/26 20:20:43 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/06/26 20:20:37 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/06/26 01:50:47 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/06/26 01:50:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/04/30 16:26:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/11 16:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/09/12 17:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
    SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/06/26 01:50:49 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
    DRV:64bit: - [2010/06/26 01:50:47 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/06/26 01:50:47 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2010/06/26 01:50:47 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/05/31 06:08:36 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/05/05 15:56:36 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
    DRV:64bit: - [2010/05/01 09:38:54 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
    DRV:64bit: - [2010/04/30 17:27:16 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
    DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
    DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/01/15 12:11:40 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2007/05/11 17:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere MP(UVC)
    DRV:64bit: - [2007/05/11 17:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2007/05/11 17:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
    DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV:64bit: - [2006/06/01 22:39:08 | 000,215,552 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
    DRV - [2010/06/26 01:50:47 | 000,132,688 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys -- (AVGIDSDriverw7a)
    DRV - [2010/06/26 01:50:47 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys -- (AVGIDSFilterw7a)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1B 98 67 08 44 CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/20 09:14:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/08 00:15:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/04 20:14:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/21 20:07:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/21 21:31:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/20 00:26:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 20:30:03 | 000,000,000 | ---D | M]

    [2010/04/30 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
    [2010/08/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\extensions
    [2010/06/04 18:11:23 | 000,001,832 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\searchplugins\bing.xml
    [2010/10/21 20:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (avgrssta.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: VIDC.CFHD - C:\Windows\SysWow64\cfhd.dll (CineForm Inc.)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/21 21:06:40 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\NTBR_CD
    [2010/10/21 20:49:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2010/10/21 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/10/21 20:49:32 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2010/10/21 20:49:32 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2010/10/21 20:49:32 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2010/10/21 20:49:32 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2010/10/21 20:49:31 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2010/10/21 20:49:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2010/10/21 20:49:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2010/10/21 20:49:31 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
    [2010/10/21 20:49:31 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2010/10/21 20:49:31 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2010/10/21 20:49:31 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2010/10/21 20:49:31 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
    [2010/10/21 20:49:31 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
    [2010/10/21 20:49:31 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2010/10/21 20:49:31 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2010/10/21 20:49:30 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2010/10/21 20:49:30 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2010/10/21 20:49:30 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2010/10/21 20:49:30 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2010/10/21 20:49:30 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2010/10/21 20:49:29 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2010/10/21 20:49:29 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2010/10/21 20:49:29 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2010/10/21 20:49:29 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2010/10/21 20:49:29 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2010/10/21 20:49:29 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2010/10/21 20:49:29 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2010/10/21 20:49:29 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2010/10/21 20:49:29 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2010/10/21 20:49:29 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2010/10/21 20:49:29 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2010/10/21 20:49:29 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2010/10/21 20:49:29 | 000,123,104 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2010/10/21 20:49:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2010/10/21 20:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2010/10/21 20:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2010/10/21 20:46:50 | 000,000,000 | ---D | C] -- C:\swsetup
    [2010/10/21 20:22:00 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/10/21 20:22:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/10/21 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
    [2010/10/21 20:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
    [2010/10/21 20:07:13 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\PC_Drivers_Headquarters
    [2010/10/21 20:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2010/10/21 20:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
    [2010/10/21 20:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2010/10/20 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nate\DoctorWeb
    [2010/10/20 20:18:10 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)
    [2010/10/20 19:57:14 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
    [2010/10/19 23:42:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/10/19 22:52:05 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/19 22:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/19 22:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/19 22:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/19 20:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2010/10/13 00:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
    [2010/10/02 09:11:11 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\FLip Vidoes
    [2010/09/29 19:51:24 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Adobe
    [2010/09/25 10:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/25 10:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/25 10:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/09/22 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\DS9
    [2010/09/05 01:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nate\Star Trek Online
    [2010/09/04 20:43:51 | 000,000,000 | ---D | C] -- C:\Star Trek Cryptic Trial ST.5.20100715a.6
    [2010/09/03 01:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/09/01 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\aychjqgws
    [2010/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
    [2010/08/28 18:12:47 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\Windows Server
    [2010/08/26 22:33:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\TechSmith
    [2010/08/26 22:29:40 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Camtasia Studio
    [2010/08/26 22:29:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
    [2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
    [2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
    [2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
    [2010/08/26 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Any Video Converter
    [2010/08/26 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\AnvSoft
    [2010/08/26 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
    [2010/08/26 03:02:10 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\WMTools Downloaded Files
    [2010/08/26 02:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
    [2010/08/25 19:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/08/25 12:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/08/21 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/13 09:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2010/08/13 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
    [2010/08/10 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMA! Pro VPN
    [2010/08/06 01:24:35 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\StarCraft II
    [2010/08/04 20:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2010/08/04 20:13:49 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2010/08/04 20:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2010/08/04 20:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2010/08/04 20:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2010/08/04 20:13:42 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Real
    [2010/07/28 22:39:34 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Snapshots
    [2010/07/27 00:29:13 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SmartDraw

    ========== Files - Modified Within 90 Days ==========

    [2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/21 21:40:13 | 000,752,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/21 21:40:13 | 000,641,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/21 21:40:13 | 000,114,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/21 21:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/21 21:33:55 | 534,880,255 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/21 21:03:13 | 002,565,432 | ---- | M] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
    [2010/10/21 20:06:44 | 000,002,484 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
    [2010/10/21 19:47:48 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/21 19:46:37 | 000,080,384 | ---- | M] () -- C:\Users\Nate\Desktop\MBRCheck.exe
    [2010/10/21 19:17:17 | 066,656,011 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/10/20 20:30:03 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/20 20:08:11 | 000,544,768 | ---- | M] () -- C:\Users\Nate\Desktop\dds.scr
    [2010/10/20 19:57:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
    [2010/10/20 19:50:31 | 000,625,352 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
    [2010/10/20 00:41:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2010/10/17 22:28:33 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/10/13 09:18:32 | 000,004,046 | ---- | M] () -- C:\Windows\mozy.blk
    [2010/10/13 09:18:32 | 000,000,862 | ---- | M] () -- C:\Windows\mozy.flt
    [2010/10/13 03:17:52 | 002,215,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/13 00:37:32 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
    [2010/09/29 20:17:25 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
    [2010/09/29 20:17:25 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
    [2010/09/18 12:44:44 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/09/10 23:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/09/10 23:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/09/10 23:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2010/09/05 01:34:18 | 000,000,885 | ---- | M] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
    [2010/09/04 16:51:01 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2010/08/29 02:19:21 | 004,145,013 | ---- | M] () -- C:\Users\Nate\Documents\27092.gif
    [2010/08/28 20:26:23 | 000,001,663 | ---- | M] () -- C:\Users\Nate\Desktop\Video Converter.lnk
    [2010/08/26 22:42:10 | 000,003,584 | ---- | M] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 22:29:29 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
    [2010/08/26 22:22:07 | 000,000,034 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
    [2010/08/26 22:22:06 | 396,354,971 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov
    [2010/08/26 20:54:00 | 000,000,038 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
    [2010/08/26 20:53:59 | 288,625,185 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov
    [2010/08/25 17:43:23 | 000,038,153 | ---- | M] () -- C:\Users\Nate\Documents\atomicbomb.gif
    [2010/08/25 17:37:15 | 000,063,581 | ---- | M] () -- C:\Users\Nate\Documents\limo.gif
    [2010/08/25 17:37:04 | 000,071,839 | ---- | M] () -- C:\Users\Nate\Documents\item.gif
    [2010/08/20 15:23:10 | 000,338,336 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2010/08/17 22:31:30 | 021,737,903 | ---- | M] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
    [2010/08/17 22:16:07 | 055,560,507 | ---- | M] () -- C:\Users\Nate\Documents\BFighter7.mov
    [2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/08/12 00:05:30 | 002,877,440 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
    [2010/08/10 00:24:20 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
    [2010/08/06 01:37:48 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2010/08/04 20:13:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2010/07/29 01:23:45 | 019,473,201 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
    [2010/07/24 20:03:37 | 000,129,947 | ---- | M] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
    [2010/07/24 14:48:36 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2010/07/24 14:48:36 | 000,000,814 | ---- | M] () -- C:\Users\Nate\Desktop\TeraCopy.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/21 21:03:11 | 002,565,432 | ---- | C] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
    [2010/10/21 20:06:44 | 000,002,484 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
    [2010/10/21 19:46:39 | 000,080,384 | ---- | C] () -- C:\Users\Nate\Desktop\MBRCheck.exe
    [2010/10/20 20:36:14 | 000,002,283 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk
    [2010/10/20 20:36:14 | 000,000,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
    [2010/10/20 20:30:03 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/20 20:08:22 | 000,544,768 | ---- | C] () -- C:\Users\Nate\Desktop\dds.scr
    [2010/10/19 22:52:00 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/13 00:37:31 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
    [2010/09/25 10:16:20 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/09/18 12:44:44 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/09/05 01:34:18 | 000,000,885 | ---- | C] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
    [2010/08/29 02:19:20 | 004,145,013 | ---- | C] () -- C:\Users\Nate\Documents\27092.gif
    [2010/08/28 20:26:23 | 000,001,663 | ---- | C] () -- C:\Users\Nate\Desktop\Video Converter.lnk
    [2010/08/26 22:29:29 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
    [2010/08/26 22:22:07 | 000,000,034 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
    [2010/08/26 22:09:45 | 396,354,971 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov
    [2010/08/26 20:54:00 | 000,000,038 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
    [2010/08/26 20:53:54 | 288,625,185 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov
    [2010/08/26 02:56:50 | 000,003,584 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 17:43:23 | 000,038,153 | ---- | C] () -- C:\Users\Nate\Documents\atomicbomb.gif
    [2010/08/25 17:37:15 | 000,063,581 | ---- | C] () -- C:\Users\Nate\Documents\limo.gif
    [2010/08/25 17:37:03 | 000,071,839 | ---- | C] () -- C:\Users\Nate\Documents\item.gif
    [2010/08/17 22:30:24 | 021,737,903 | ---- | C] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
    [2010/08/17 22:15:14 | 055,560,507 | ---- | C] () -- C:\Users\Nate\Documents\BFighter7.mov
    [2010/08/12 00:05:04 | 002,877,440 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
    [2010/08/10 00:24:20 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
    [2010/08/06 01:24:35 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2010/07/29 01:23:08 | 019,473,201 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
    [2010/07/24 20:03:37 | 000,129,947 | ---- | C] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
    [2010/04/30 17:15:50 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
     
  14. tovette

    tovette TS Rookie Topic Starter Posts: 22

    OTL.txt part 2
    ---
    ========== LOP Check ==========

    [2010/08/26 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AnvSoft
    [2010/05/10 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AVG9
    [2010/09/19 03:02:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Azureus
    [2010/08/28 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
    [2010/05/15 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Facebook
    [2010/04/30 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\FontCreator
    [2010/07/17 15:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\HandBrake
    [2010/07/14 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\OpenOffice.org
    [2010/04/30 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Publish Providers
    [2010/05/02 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\runic games
    [2010/07/27 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SmartDraw
    [2010/08/26 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Sony
    [2010/05/28 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Stardock
    [2010/06/04 01:59:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\TeraCopy
    [2009/07/13 22:08:49 | 000,021,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/30 06:19:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/10/21 21:33:55 | 534,880,255 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/21 21:34:06 | 2144,833,535 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/26 01:00:50 | 000,000,405 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/30 14:57:37 | 000,000,221 | -HS- | M] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2008/04/12 20:59:36 | 000,627,200 | ---- | M] () -- C:\Users\Nate\Desktop\keyfinder.exe
    [2010/10/21 19:46:37 | 000,080,384 | ---- | M] () -- C:\Users\Nate\Desktop\MBRCheck.exe
    [2010/10/21 21:03:13 | 002,565,432 | ---- | M] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
    [2010/10/20 19:57:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 03:03:19 | 000,000,402 | -HS- | M] () -- C:\Users\Nate\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 480 bytes -> C:\ProgramData\TEMP:05EE1EEF

    < End of report >
     
  15. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Here is the Extras.txt log
    ----
    OTL Extras logfile created on: 10/21/2010 10:29:27 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
    Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
    "{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.63
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{C8A75512-2A33-443B-B64B-622320B86C58}" = SmartFTP Client
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "TeraCopy_is1" = TeraCopy 2.01

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
    "AhaView" = AhaView
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "AVG9Uninstall" = AVG 9.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
    "EVE" = EVE Online (remove only)
    "FontCreator55_is1" = FontCreator 5.6
    "Handbrake" = Handbrake 0.9.4
    "HMA! Pro VPN" = HMA! Pro VPN 2.4.1
    "Impulse" = Impulse
    "JDownloader" = JDownloader
    "Karen's Replicator" = Karen's Replicator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pen Tablet Driver" = Pen Tablet
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "Star Trek Online" = Star Trek Online
    "StarCraft II" = StarCraft II
    "Steam App 12840" = DiRT 2
    "Steam App 16450" = F.E.A.R. 2: Project Origin
    "Steam App 17330" = Crysis Warhead
    "Steam App 21690" = Resident Evil 5
    "Steam App 41500" = Torchlight
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55000" = Flotilla
    "Steam App 630" = Alien Swarm
    "Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
    "Vector Magic" = Vector Magic
    "VLC media player" = VLC media player 0.9.9
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2010 12:40:27 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xb9c Faulting application start time: 0x01cb71a336a107d0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 7d5bbfd0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:40:45 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x1a54 Faulting application start time: 0x01cb71a341c470c0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 8876c450-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:07 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x16cc Faulting application start time: 0x01cb71a34ee5f3a0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 95a08490-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:29 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xde0 Faulting application start time: 0x01cb71a35bac5e30 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: a263e1e0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:50 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4c8 Faulting application start time: 0x01cb71a368692bd0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: af2b5de0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:12 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xac8 Faulting application start time: 0x01cb71a375327c90 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: bbf2b2d0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:33 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4a4 Faulting application start time: 0x01cb71a381f8c010 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: c8afce90-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:55 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4a8 Faulting application start time: 0x01cb71a38eb8c200 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: d57834f0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:43:16 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x19c0 Faulting application start time: 0x01cb71a39b817680 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: e239bd80-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:43:37 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xa88 Faulting application start time: 0x01cb71a3a8408e10 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: ef02e730-dd96-11df-9879-001ec94ec4ca

    [ System Events ]
    Error - 10/20/2010 1:33:52 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 10/20/2010 3:31:06 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 3:31:07 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 3:47:34 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 4:59:43 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 5:34:44 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 10:43:51 PM | Computer Name = Nate-PC | Source = HTTP | ID = 15011
    Description =

    Error - 10/20/2010 10:58:36 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7034
    Description = The AVG9IDSAgent service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.
    < End of report >
     
  16. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Sorry about all the OTL posts... I was having posting issues last night - computer wasn't cooperating well - desktop kept crashing :\
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    No problem :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O20 - AppInit_DLLs: (avgrssta.dll) - File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/09/01 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\aychjqgws
      [2010/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
      @Alternate Data Stream - 480 bytes -> C:\ProgramData\TEMP:05EE1EEF
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  18. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Here are the latest logs.
    OTL.txt
    ------------
    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:avgrssta.dll deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Folder C:\Users\Nate\AppData\Local\aychjqgws\ not found.
    Folder C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Nate
    ->Temp folder emptied: 428767 bytes
    ->Temporary Internet Files folder emptied: 292268 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7114788 bytes
    ->Flash cache emptied: 923 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Nate
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.16.0 log created on 10232010_041523

    Files\Folders moved on Reboot...
    C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
    ---------
    Extras.txt
    OTL Extras logfile created on: 10/21/2010 10:29:27 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
    Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
    "{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.63
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{C8A75512-2A33-443B-B64B-622320B86C58}" = SmartFTP Client
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "TeraCopy_is1" = TeraCopy 2.01

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
    "AhaView" = AhaView
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "AVG9Uninstall" = AVG 9.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
    "EVE" = EVE Online (remove only)
    "FontCreator55_is1" = FontCreator 5.6
    "Handbrake" = Handbrake 0.9.4
    "HMA! Pro VPN" = HMA! Pro VPN 2.4.1
    "Impulse" = Impulse
    "JDownloader" = JDownloader
    "Karen's Replicator" = Karen's Replicator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pen Tablet Driver" = Pen Tablet
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "Star Trek Online" = Star Trek Online
    "StarCraft II" = StarCraft II
    "Steam App 12840" = DiRT 2
    "Steam App 16450" = F.E.A.R. 2: Project Origin
    "Steam App 17330" = Crysis Warhead
    "Steam App 21690" = Resident Evil 5
    "Steam App 41500" = Torchlight
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55000" = Flotilla
    "Steam App 630" = Alien Swarm
    "Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
    "Vector Magic" = Vector Magic
    "VLC media player" = VLC media player 0.9.9
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2010 12:40:27 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xb9c Faulting application start time: 0x01cb71a336a107d0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 7d5bbfd0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:40:45 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x1a54 Faulting application start time: 0x01cb71a341c470c0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 8876c450-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:07 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x16cc Faulting application start time: 0x01cb71a34ee5f3a0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: 95a08490-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:29 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xde0 Faulting application start time: 0x01cb71a35bac5e30 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: a263e1e0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:41:50 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4c8 Faulting application start time: 0x01cb71a368692bd0 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: af2b5de0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:12 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xac8 Faulting application start time: 0x01cb71a375327c90 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: bbf2b2d0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:33 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4a4 Faulting application start time: 0x01cb71a381f8c010 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: c8afce90-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:42:55 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x4a8 Faulting application start time: 0x01cb71a38eb8c200 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: d57834f0-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:43:16 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0x19c0 Faulting application start time: 0x01cb71a39b817680 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: e239bd80-dd96-11df-9879-001ec94ec4ca

    Error - 10/22/2010 12:43:37 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
    Faulting
    process id: 0xa88 Faulting application start time: 0x01cb71a3a8408e10 Faulting application
    path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
    Id: ef02e730-dd96-11df-9879-001ec94ec4ca

    [ System Events ]
    Error - 10/20/2010 1:33:52 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 10/20/2010 3:31:06 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 3:31:07 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 3:47:34 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 4:59:43 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 5:34:44 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
    Description =

    Error - 10/20/2010 10:43:51 PM | Computer Name = Nate-PC | Source = HTTP | ID = 15011
    Description =

    Error - 10/20/2010 10:58:36 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7034
    Description = The AVG9IDSAgent service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.

    Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk7\DR7.


    < End of report >
     
  19. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Here's the checkup.txt
    -----
    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 9.0
    Adobe After Effects CS3 Presets
    WMI entry may not exist for antivirus; attempting automatic update.
    AVG9 successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  20. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good :)
    Go on.
     
  21. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Uhh my explorer.exe is still crashing on me....
     
  22. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    We'll get back to it when we're done with the cleaning process.
    Eset scan please.
     
  23. tovette

    tovette TS Rookie Topic Starter Posts: 22

    Eset scan...

    C:\Users\Nate\DoctorWeb\Quarantine\iSetup.exe probably a variant of Win32/Genetik trojan
    C:\Users\Nate\DoctorWeb\Quarantine\iSetup_0.exe probably a variant of Win32/Genetik trojan
    C:\Windows\System32\hlp.dat Win32/Bamital.DZ trojan
    C:\Windows\SysWOW64\hlp.dat Win32/Bamital.DZ trojan
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\hlp.dat 
      C:\Windows\SysWOW64\hlp.dat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  25. tovette

    tovette TS Rookie Topic Starter Posts: 22

    I ran OTL and upon start up the explorer.exe immediately crashed, only this time it took the mouse and the wallpaper with it. I have no means of accessing anything now. Also the boot sequence took way longer than anticipated and my external drive is no longer being read.

    I'm wondering if I should reinstall the OS. At this point I don't really care about reinstalling my apps and my data is backed up on other drives.
     
Topic Status:
Not open for further replies.

