Inactive 8 Steps Done on 64 Bit System

R

rjmontalvo

Posts: 19   +0
Hello,

I completed all the steps and the programs seemed to work but the only one that I'm able to show a log for is GMER. Both Mbam and DDS seem to have problems due to me running Vista in 64 bit. Is there anyway to get around this so I can properly paste my logs on the forum?

Thanks!
 
Welcome aboard
yahooo.gif


DDS and MBAM will run on 64-bit.
What kind of problems are you having with those programs and what are your computer issues?

Please, observe following rules:

  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
When I run MBAM it completes fine but puts up an error saying: Please check whether you're running 32-Bit or 64-Bit Operating System and contact Program provider. The log is created but that same error comes up whenever I click on it through program. I also looked where the file should be on hard drive and there's no log folder or txt files.

At the end of the of DDS the program attempts to open up Notepad and fails to do so saying just about the same error as I listed above.

As for PC probs, whenever I boot up the laptop I get a few error windows. One is "Failed to load Commonres.dll" as well as a few random
files from Avira and Openoffice with the error "Bad Image" attached to each. There are quite a few programs now that just refuse to run out of
no where. Unfortunately I'm at work right now so the exact wordings of the errors aren't in front of me but I will repost with exact details later.
 
Below is the GMER log, how do I get a MBRCheck log? I looked online and found another forum speaking of it, but the version I downloaded and used said I had a unknown MBR code and my attempt to dump to a log file ended up with a bunch of gibberish (which I'll paste below GMER)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-09 22:16:22
Windows 6.0.6001 Service Pack 1
Running: y724pt7t.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x87 0x98 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet005\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet006\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x23 0xC6 0xEA 0x2C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
Reg HKLM\SYSTEM\ControlSet007\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x99 0x59 0x7D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
Reg HKLM\SYSTEM\ControlSet008\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0x5F 0x22 0x65 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
Reg HKLM\SYSTEM\ControlSet009\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0x99 0xB5 0x1B ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...
Reg HKLM\SYSTEM\ControlSet010\Services\Eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x87 0x98 0x83 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0xE7 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x2C 0xD3 0x5F ...

---- EOF - GMER 1.0.15 ----

MBR Check

1ÀŽÐ¼ |ûPPü¾|¿PW¹åó¤Ë¿ 1À²€ÍsOtëóëþ½ž€~ Ztjº R´Ít ´Í€üqtWé; f¸d f»@B f÷ãf»í: f÷óf‰Áäa$8àtøˆÄfIfù wëZJú uµé ¾¾±8,|u Æ âô‰õéo éi ½¾f‹^`h h fSh h |h h ´B²€‰æÍaas Ot0ä²€ÍëÍè{ ½¾ÆF €ÆF ÆF ÆF *Ÿ¨t€N$*Ÿ¨t€N4èr h h |˽Îf‹^`h h fSh h |h h ´B²€‰æÍaas Ot0ä²€ÍëÍè ½¾€~'tºÆF'è% 뱿 1ÀŽÀ» ~¸µ ±¶ ²€Ís Ot0äÍ
ëÞÿ 1ÀŽÀ» ~¸µ ±¶ ²€Ís Ot0äÍ
ëÞà Acer&3 system bz™î
a! ! 'þÿÿ  *€þÿÿþÿÿ *ø‡µ þÿÿþÿÿ U Hí Uª
 
Ooops, sorry for MBRCheck :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
LOL I totally didn't notice that the program put the log on my desktop. Here it is ;P

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: M-6888u
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):
0x02615000 \SystemRoot\system32\ntoskrnl.exe
0x02B2D000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00645000 \SystemRoot\system32\PSHED.dll
0x00659000 \SystemRoot\system32\CLFS.SYS
0x006B6000 \SystemRoot\system32\CI.dll
0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A07000 \SystemRoot\System32\Drivers\spqg.sys
0x00B2D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B36000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B64000 \SystemRoot\system32\drivers\acpi.sys
0x00BBA000 \SystemRoot\system32\drivers\msisadrv.sys
0x00BC4000 \SystemRoot\system32\drivers\pci.sys
0x008EA000 \SystemRoot\System32\drivers\partmgr.sys
0x00BF4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x008FF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0090B000 \SystemRoot\system32\drivers\volmgr.sys
0x0091F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00BF8000 \SystemRoot\system32\drivers\intelide.sys
0x00985000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00995000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C0E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00D12000 \SystemRoot\system32\drivers\atapi.sys
0x00D1A000 \SystemRoot\system32\drivers\ataport.SYS
0x00D3E000 \SystemRoot\system32\drivers\fltmgr.sys
0x00D84000 \SystemRoot\system32\drivers\fileinfo.sys
0x00768000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
0x00D98000 \SystemRoot\system32\drivers\msrpc.sys
0x009A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x01002000 \SystemRoot\System32\drivers\tcpip.sys
0x01176000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
0x013D8000 \SystemRoot\System32\Drivers\mup.sys
0x011A2000 \SystemRoot\System32\drivers\ecache.sys
0x013EA000 \SystemRoot\system32\drivers\disk.sys
0x011CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00FD2000 \SystemRoot\system32\drivers\crcdisk.sys
0x02309000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02315000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0231E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02331000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02604000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02408000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x024E7000 \SystemRoot\System32\drivers\watchdog.sys
0x024F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02509000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02515000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0255B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0256C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\NETw4v64.sys
0x02F26000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02F3C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02F4A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x02F99000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02F9B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02FA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02FC3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x02595000 \SystemRoot\System32\Drivers\a0th9a8e.SYS
0x02B50000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02B88000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FD0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02FDD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02336000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x025DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02367000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02BE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x025EA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C0C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02385000 \SystemRoot\system32\DRIVERS\ks.sys
0x023B9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x023C4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0324F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03263000 \SystemRoot\system32\drivers\HdAudio.sys
0x032AC000 \SystemRoot\system32\drivers\portcls.sys
0x032E7000 \SystemRoot\system32\drivers\drmk.sys
0x0330A000 \SystemRoot\system32\drivers\ksthunk.sys
0x03310000 \SystemRoot\system32\drivers\stwrt64.sys
0x03374000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x04E08000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x04C0C000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x04CD4000 \SystemRoot\system32\drivers\modem.sys
0x04CE3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04CFF000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04D29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04D33000 \SystemRoot\System32\Drivers\Null.SYS
0x04D46000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04D4E000 \SystemRoot\System32\drivers\vga.sys
0x04D5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04D81000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04D8A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04D93000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04D9E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04DAF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04DB8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04DD5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x04DE5000 \SystemRoot\system32\DRIVERS\smb.sys
0x04F82000 \SystemRoot\system32\drivers\afd.sys
0x04C00000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x0500D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05051000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0506F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0507E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x05099000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x050E7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x050F3000 \SystemRoot\System32\Drivers\dfsc.sys
0x05110000 \SystemRoot\System32\Drivers\aswSP.SYS
0x05133000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05141000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x05155000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0515E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05170000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0517A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x05185000 \SystemRoot\System32\drivers\Dxapi.sys
0x05191000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x051A4000 \SystemRoot\system32\drivers\luafv.sys
0x051C6000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x05000000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x06C0E000 \SystemRoot\system32\drivers\spsys.sys
0x06CA8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06CBC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06CF0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06CFB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06D13000 \SystemRoot\system32\drivers\HTTP.sys
0x06DB2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DDB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x033C8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x023D4000 \SystemRoot\system32\drivers\mrxdav.sys
0x07408000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07431000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0747A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07499000 \SystemRoot\System32\DRIVERS\srv2.sys
0x074CB000 \SystemRoot\System32\DRIVERS\srv.sys
0x07579000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x07C06000 \SystemRoot\system32\drivers\peauth.sys
0x07CBC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07CC7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07CD6000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x07CDE000 \SystemRoot\system32\drivers\tdtcp.sys
0x07CEB000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x07CF9000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x07D35000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x775A0000 \Windows\System32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
640 csrss.exe
676 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
700 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\Ati2evxx.exe
520 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1100 C:\Windows\System32\SLsvc.exe
1132 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\Ati2evxx.exe
1308 C:\Windows\System32\svchost.exe
1440 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1740 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\svchost.exe
1956 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2012 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
940 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2004 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2120 C:\Windows\System32\svchost.exe
2136 C:\Windows\System32\Locator.exe
2188 C:\Program Files (x86)\IDT\WDM\stacsv64.exe
2524 C:\Windows\System32\taskeng.exe
2536 C:\Windows\System32\dwm.exe
2608 C:\Windows\explorer.exe
2648 C:\Windows\System32\taskeng.exe
2868 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2876 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2904 C:\Windows\sttray64.exe
2956 C:\Windows\ehome\ehtray.exe
3036 C:\Windows\System32\svchost.exe
2060 C:\Windows\System32\svchost.exe
2564 C:\Windows\System32\SearchIndexer.exe
2716 C:\Windows\System32\drivers\XAudio64.exe
3084 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3124 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3180 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3188 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3196 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3272 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3284 C:\Windows\ehome\ehmsas.exe
3524 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3908 C:\Program Files\iPod\bin\iPodService.exe
3900 C:\Windows\System32\wbem\unsecapp.exe
2840 WmiPrvSE.exe
4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
3504 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
3340 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
2720 C:\Program Files\Windows Media Player\wmpnscfg.exe
340 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
2348 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
4460 C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
2456 C:\Windows\System32\SearchProtocolHost.exe
1212 C:\Windows\System32\SearchFilterHost.exe
4316 dllhost.exe
2224 dllhost.exe
2312 C:\Users\Rich\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000032`ab200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16320FCDEEF27AEA4D198A0877B9A7EECB751892


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
It looks like we have problem with your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Post NTBR Boot CD Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: M-6888u
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):
0x0260B000 \SystemRoot\system32\ntoskrnl.exe
0x02B23000 \SystemRoot\system32\hal.dll
0x0060B000 \SystemRoot\system32\kdcom.dll
0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00642000 \SystemRoot\system32\PSHED.dll
0x00656000 \SystemRoot\system32\CLFS.SYS
0x006B3000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0E000 \SystemRoot\System32\Drivers\splz.sys
0x00B34000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B3D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B6B000 \SystemRoot\system32\drivers\acpi.sys
0x00BC1000 \SystemRoot\system32\drivers\msisadrv.sys
0x00BCB000 \SystemRoot\system32\drivers\pci.sys
0x008F4000 \SystemRoot\System32\drivers\partmgr.sys
0x00BFB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00909000 \SystemRoot\system32\drivers\volmgr.sys
0x0091D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00983000 \SystemRoot\system32\drivers\intelide.sys
0x0098B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0099B000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00D0E000 \SystemRoot\system32\drivers\atapi.sys
0x00D16000 \SystemRoot\system32\drivers\ataport.SYS
0x00D3A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00D80000 \SystemRoot\system32\drivers\fileinfo.sys
0x00765000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E00000 \SystemRoot\system32\drivers\ndis.sys
0x00D94000 \SystemRoot\system32\drivers\msrpc.sys
0x01000000 \SystemRoot\system32\drivers\NETIO.SYS
0x01058000 \SystemRoot\System32\drivers\tcpip.sys
0x011CC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
0x013D8000 \SystemRoot\System32\Drivers\mup.sys
0x00FC3000 \SystemRoot\System32\drivers\ecache.sys
0x013EA000 \SystemRoot\system32\drivers\disk.sys
0x009AE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00FEF000 \SystemRoot\system32\drivers\crcdisk.sys
0x0230C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02318000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02321000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02334000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0260C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02C05000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CE4000 \SystemRoot\System32\drivers\watchdog.sys
0x02CF3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02D06000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D12000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D58000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02D69000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02E07000 \SystemRoot\system32\DRIVERS\NETw4v64.sys
0x0311E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03134000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03142000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03191000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03193000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0319F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x031BB000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x02D92000 \SystemRoot\System32\Drivers\acarrct0.SYS
0x031C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02B58000 \SystemRoot\system32\DRIVERS\storport.sys
0x02DD7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02BB5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02DE4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02339000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02BD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0236A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02382000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02394000 \SystemRoot\system32\DRIVERS\ks.sys
0x02600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x023C8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03207000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0324E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03262000 \SystemRoot\system32\drivers\HdAudio.sys
0x032AB000 \SystemRoot\system32\drivers\portcls.sys
0x032E6000 \SystemRoot\system32\drivers\drmk.sys
0x03309000 \SystemRoot\system32\drivers\ksthunk.sys
0x0330F000 \SystemRoot\system32\drivers\stwrt64.sys
0x03373000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x04C06000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x04E04000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x04ECC000 \SystemRoot\system32\drivers\modem.sys
0x04EDB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04EE5000 \SystemRoot\System32\Drivers\Null.SYS
0x04EF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04F00000 \SystemRoot\System32\drivers\vga.sys
0x04F0E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04F33000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04F3C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04F45000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04F50000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04F61000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04F6A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04F87000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x04F97000 \SystemRoot\system32\DRIVERS\smb.sys
0x04D80000 \SystemRoot\system32\drivers\afd.sys
0x04FB2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04FBC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x033C7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04DED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x033E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04A07000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04A55000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04A61000 \SystemRoot\System32\Drivers\dfsc.sys
0x04A7E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x04AA1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04ABD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04AE7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04AF5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x023D8000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x04EEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x023EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02BF6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02200000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x0220B000 \SystemRoot\System32\drivers\Dxapi.sys
0x02217000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x0222A000 \SystemRoot\system32\drivers\luafv.sys
0x0224C000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x02286000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x06C06000 \SystemRoot\system32\drivers\spsys.sys
0x06CA0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06CB4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06CE8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06CF3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06D0B000 \SystemRoot\system32\drivers\HTTP.sys
0x06DAA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DD3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0228F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x022A9000 \SystemRoot\system32\drivers\mrxdav.sys
0x022D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0720A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07253000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07272000 \SystemRoot\System32\DRIVERS\srv2.sys
0x072A4000 \SystemRoot\System32\DRIVERS\srv.sys
0x07352000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x07A0F000 \SystemRoot\system32\drivers\peauth.sys
0x07AC5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07AD0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07ADF000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x07AE7000 \SystemRoot\system32\drivers\tdtcp.sys
0x07AF4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x07B02000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x07B3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772B0000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
640 csrss.exe
676 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
884 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\Ati2evxx.exe
524 C:\Windows\System32\svchost.exe
572 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1100 C:\Windows\System32\SLsvc.exe
1128 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\Ati2evxx.exe
1436 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1728 C:\Windows\System32\spoolsv.exe
1752 C:\Windows\System32\svchost.exe
1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1972 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1996 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2032 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
1788 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2084 C:\Windows\System32\svchost.exe
2108 C:\Windows\System32\Locator.exe
2136 C:\Program Files (x86)\IDT\WDM\stacsv64.exe
2240 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\svchost.exe
2304 C:\Windows\System32\SearchIndexer.exe
2348 C:\Windows\System32\drivers\XAudio64.exe
2784 C:\Windows\System32\dwm.exe
2824 C:\Windows\explorer.exe
2928 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2940 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2960 C:\Windows\sttray64.exe
3048 C:\Windows\ehome\ehtray.exe
3064 C:\Program Files (x86)\Steam\Steam.exe
880 C:\Windows\ehome\ehmsas.exe
1532 C:\Windows\System32\taskeng.exe
1008 C:\Windows\System32\taskeng.exe
2124 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3128 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3184 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3376 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3424 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3440 WmiPrvSE.exe
3516 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3572 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3596 C:\Windows\System32\mobsync.exe
3920 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4052 C:\Program Files\iPod\bin\iPodService.exe
3472 C:\Windows\System32\wbem\unsecapp.exe
3420 WmiPrvSE.exe
3956 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3952 C:\Windows\System32\SearchProtocolHost.exe
1036 C:\Windows\System32\SearchFilterHost.exe
3492 dllhost.exe
2508 dllhost.exe
4072 C:\Users\Rich\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000032`ab200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)

See, if this will run...

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
The laptop shut off twice while almost done with scan, seemed like it was overheating. Then refuses to go more than a few minutes without doin the same. Going to leave it for a bit n come back to it tomm.

Didn't want to seem like I fixed it n left ya. Thanks for the help thus far.
 
If the laptop is overheating, leaving it off for a while won't solve overheating issue.
I suggest, you buy a can of compressed air and clean well all vents.
IF it's an overheating problem avoid using the laptop until the issue is solved, or can cause permanent CPU damage.
 
Thanks for the heads up, did a good air can clean up and seems ok. Here's the log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/11/2010 at 06:12 PM

Application Version : 4.45.1000

Core Rules Database Version : 5843
Trace Rules Database Version: 3655

Scan type : Complete Scan
Total Scan Time : 01:07:14

Memory items scanned : 255
Memory threats detected : 0
Registry items scanned : 11500
Registry threats detected : 0
File items scanned : 141040
File threats detected : 2

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\DDRAWEX.DLL
C:\WINDOWS\SYSTEM32\NAPIPSEC.DLL
 
Good :)

How is computer doing overall?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The OTL log is too big for one post, here's first section:

OTL logfile created on: 11/11/2010 6:47:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rich\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.67 Gb Total Space | 63.89 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive F: | 95.42 Gb Total Space | 75.01 Gb Free Space | 78.61% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/17 08:25:41 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/07/16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/09 08:58:26 | 000,830,464 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2007/01/29 08:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/11/10 19:01:26 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/17 08:25:41 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/07/26 20:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2007/01/19 15:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/10/19 22:12:49 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/07 09:47:33 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/25 03:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/09 11:44:54 | 004,168,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/01/03 19:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/10/30 21:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/26 20:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/01/29 08:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/21 08:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/21 08:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/21 08:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 01:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/07/16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1010&m=m-6888u
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/01 16:32:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/01 16:32:48 | 000,000,000 | ---D | M]

[2010/10/18 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Extensions
[2010/11/08 18:42:45 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions
[2010/10/24 21:37:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 17:57:14 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\shqru1oa.default\extensions\seotoolbar@seobook.com
[2010/10/18 16:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rich\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rich\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\Shell\AutoRun\command - "" = G:\wdsync.exe -- File not found
O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell - "" = AutoRun
O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 18:45:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2010/11/10 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/10 20:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/10 20:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/10 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/10 20:33:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\NTBR_CD
[2010/11/09 23:57:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/11/09 23:56:58 | 000,000,000 | ---D | C] -- C:\63f0913c402f0067fff127f1
[2010/11/09 23:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
[2010/11/09 21:32:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/09 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/09 21:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/08 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\The KMPlayer
[2010/11/08 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/11/07 20:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/07 20:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2010/11/07 20:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/07 19:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Disk Cleaner
[2010/11/07 19:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2010/11/07 11:02:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\PeerNetworking
[2010/11/07 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/11/06 15:44:43 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/11/06 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/10/28 22:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/27 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\All-in-One Submission 8.88
[2010/10/27 17:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-in-One Submission 8.0
[2010/10/27 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\All-in-One Submission 9.088.8
[2010/10/26 16:51:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\OpenOffice.org
[2010/10/24 10:31:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Adobe
[2010/10/22 22:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/10/21 18:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pismo File Mount Audit Package
[2010/10/21 18:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\KernSafe
[2010/10/21 18:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-in-One Submission 9.0
[2010/10/19 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/10/19 22:12:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\DAEMON Tools Lite
[2010/10/19 22:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/10/19 20:12:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/18 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\LolClient
[2010/10/18 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Mozilla
[2010/10/18 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Mozilla
[2010/10/18 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/17 20:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/10/17 20:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/10/17 19:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/10/17 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/10/17 19:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/17 18:54:21 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/10/17 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\PMB Files
[2010/10/17 18:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/10/17 18:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/10/17 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\My Google Gadgets
[2010/10/17 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Apple Computer
[2010/10/17 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple Computer
[2010/10/17 08:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/17 08:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/10/17 08:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/17 08:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/17 08:07:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple
[2010/10/17 08:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/17 08:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/17 08:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/17 08:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/17 08:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/17 08:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/17 06:40:00 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Rich
[2010/10/17 01:35:11 | 000,425,984 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2010/10/17 01:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es-MX
[2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-MX
[2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es-AR
[2010/10/17 01:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-AR
[2010/10/17 01:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/10/17 01:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/10/17 01:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/10/17 01:25:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/17 01:23:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/10/17 00:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rich\Games
[2010/10/16 23:44:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/10/16 23:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/16 23:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/16 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Macromedia
[2010/10/16 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Adobe
[2010/10/16 23:11:05 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Google
[2010/10/16 22:49:16 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys
[2010/10/16 22:49:16 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys
[2010/10/16 22:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\GATEWAY
[2010/10/16 22:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\ATI
[2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\ATI
[2010/10/16 22:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/10/16 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Symantec
[2010/10/16 22:45:37 | 000,000,000 | R--D | C] -- C:\Users\Rich\Searches
[2010/10/16 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Identities
[2010/10/16 22:45:27 | 000,000,000 | R--D | C] -- C:\Users\Rich\Contacts
[2010/10/16 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\VirtualStore
[2010/10/16 22:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2010/10/16 22:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/10/16 22:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/10/16 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/10/16 22:43:14 | 000,000,000 | --SD | C] -- C:\Users\Rich\AppData\Roaming\Microsoft
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Videos
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Saved Games
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Pictures
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Music
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Links
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Favorites
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Downloads
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Documents
[2010/10/16 22:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rich\Desktop
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Temporary Internet Files
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Templates
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Start Menu
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\SendTo
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Recent
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\PrintHood
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\NetHood
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Videos
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Pictures
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Music
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\My Documents
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Local Settings
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\History
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Cookies
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Application Data
[2010/10/16 22:43:14 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Application Data
[2010/10/16 22:43:14 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData
[2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Temp
[2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Microsoft
[2010/10/16 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Media Center Programs
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/10/16 22:39:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/10/16 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2010/10/16 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/10/16 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/10/16 22:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/10/16 22:02:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\uTorrent
[2010/10/16 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\DivX
[2010/10/16 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/10/16 22:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/10/16 21:58:19 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/10/16 21:58:19 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/16 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/10/16 21:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/16 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/16 21:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

========== Files - Modified Within 30 Days ==========
 
Extras.txt:


OTL Extras logfile created on: 11/11/2010 6:47:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rich\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.67 Gb Total Space | 63.89 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive F: | 95.42 Gb Total Space | 75.01 Gb Free Space | 78.61% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Rich\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ACF8820-AF4F-476F-92A5-157C5DF63175}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C62328E-FD96-40C0-AD1D-089252BB6893}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F660956-9983-4042-9909-C4079F9298B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10ABDF92-FF57-421F-A1A0-A5F111C7C2CC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1716921E-777C-4672-94F7-BF8D7499527D}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F686ADF-BF38-424E-953A-940268F858D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{299B16F0-FD3F-4A90-98ED-47BD75252045}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D04C7FE-5B9F-4FBF-B69D-B48422E1D461}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3039ABEF-7DF0-4C10-BA97-5EC586C0B37C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3342C912-2999-471B-94A5-1B5A546AC5CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35E2EE2E-FB2C-4D81-A777-F9D388195324}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{35FA5CA9-4AAC-4369-BCFB-71F7AE6574E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{380E02C6-FCAA-48A6-91EF-B615C931B22B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F8317D7-6DEC-479D-9CB6-4955EE660E1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{578A78EF-21D1-4773-B432-D4014AE43D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A205909-00AA-4850-B847-21F2DA8AEBEA}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{5B328C01-948D-42D5-A580-DEE80057FED4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5ECA3FE0-CB51-406B-B6B4-14BFAF90C8BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{663B95E5-9D38-4BDA-9811-8AAD2A1224DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{672DC7A3-DA7E-4031-BFBA-1C90E97E0A89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67C90BC9-D27A-4EB1-9F11-18D8151D63CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B3AD33C-C8B8-48E6-B4BC-BD04086D01E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7184FCCB-F9F8-4DEB-B5C8-295B06A7A12F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{780E7CBA-3601-4498-A644-C496334C724B}" = lport=138 | protocol=17 | dir=in | app=system |
"{81DE3A6B-AD6A-4945-8970-403D01112816}" = rport=445 | protocol=6 | dir=out | app=system |
"{84BED730-B0DA-4C20-BBAF-98B5C9260EA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{88DEC4FD-2214-4CE5-81B0-994093C49C04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DFB53B7-D2F0-4DF6-BC0A-8B1A6E2B6136}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E9D298A-37E9-4A8B-BAFF-A4A6A5B33635}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{8FD1DA27-C1F5-4D98-861A-450B4503478B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{96069BD6-1A01-4BF1-8233-167D8C0F4C63}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A33D7CC6-3B54-4883-9763-4FC3B17D5866}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A5CEDB33-206F-4A4A-A944-D84F68063FE2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ACB78BCE-E84C-479F-AC3A-F079E09A520C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7B66F05-9538-4642-9085-522DF3D66745}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{C16620F6-B172-47B4-88D6-DDBC85AD467B}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{C7A04B63-F2DE-4825-A53D-F7443FEBFEC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC3766D6-2FEA-4ACA-AB13-6DF175A9F5B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D41132F9-BCCE-4340-B104-49EEBBB92C28}" = lport=445 | protocol=6 | dir=in | app=system |
"{D622E90F-0933-465B-BC28-9C72139F0F15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8367F76-F1AF-4D3B-BBF2-EE6181F9E833}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE586195-71BE-4744-A0D6-B0B121431EE2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F0E0E5D4-9A0D-44C0-9813-B7274C76D0A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4346086-5479-4A6E-8F14-7D08F0044573}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79EF5E0-07A5-45D6-8ABD-873393EAAF63}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F8214975-6638-4B6C-98DD-F6825A8E4191}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FD61B718-0B52-4192-B30C-B77C0F12042D}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DC0B52-5A56-4EEE-9670-B1810E7AB0EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{05548E06-FFAF-45B7-BF01-46A1A4969BDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{09F109BA-EBB5-4B00-8A4C-2A73254AF33C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{150408AC-6193-4A9D-97A6-22BE2BF71140}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15F64D16-FE86-41CB-8C83-CD55310A2F67}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{16072775-CDD1-417D-9FB3-72B316174FBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{177E8C87-5003-4A50-8E44-8DE4F39BDC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{178D5A19-D3D8-433E-A45D-7E323B42120F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{29EDFB8B-36C5-4A95-8987-D1DD6F0B5CB1}" = protocol=6 | dir=out | app=system |
"{2BCC85A8-107F-4195-B914-0153BACEB590}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{2CFCB24E-CD6C-4AD4-BF69-9B1535DDD9FB}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{2D4C5015-7F4C-4FBB-9561-9650751C1804}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32313330-4147-46FB-8FC7-41BBEA4FBDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3EDAA361-981F-427F-A8C4-4CC6160414C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42530451-6FAF-4F94-8468-B3DE22F1D0E3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{42C303BE-A595-422E-86E7-B7FD5DCE959A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{42EB8B50-A952-4079-8480-4491AA4F1B97}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{46687D51-3326-41BD-B4D9-D6513FFE707F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{4D320262-6550-4456-BC11-FF3FB57B654F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{524F73B5-C2EC-44EF-9A1D-ADC6CC823964}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |
"{53A45FE4-FE9E-4556-8AD1-AB0CEF3A892A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{62E04200-BE0A-4B7F-BAF8-00B9EDF2D7E3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{64C80C53-3E27-4E3F-98DE-F4426B3146AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{69966BFE-013C-4333-948C-73965CA726ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E1C63DB-0F20-4308-823A-7B6037B3FD2C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72C7BA79-B483-4C72-8266-55B428EC2A4C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{78D7609C-D0D1-42FA-B555-CA1ED77B0663}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{80EDABC2-068E-4B1E-83B5-AB6498905AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{83117609-0C01-40B7-8511-07E31A5DB822}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8E6A1ABC-4CD4-456B-8AF0-2C43211D1D71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{90B5F76D-F15C-4AB9-8C92-EC0AF7380BBA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95D92EE3-CDA5-4E6A-8AA2-16C057F7F642}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9AEFF480-C3AC-4E1C-91BA-F3043D7FF6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B402E82-BEA6-40A4-AE52-4484B3102664}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A090019D-DB4C-44A5-A5C9-0C098FF9CD80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A16FC2B5-9E97-4096-9459-3BFA0E08856B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2C67DE6-F8C7-4BFE-8875-67FEBF870EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A508627D-C152-40E2-A5B2-BE94EAD4941D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{ADE62309-0D00-49E9-AD74-C765F8BA3E73}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE3B2A38-29EF-4F18-92EE-5B1863F1535E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6B911C1-499A-42F4-AE36-6E63B6811193}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB02B24F-2C9E-4109-8FA8-5C284433BEF7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{BD52FDFA-4355-4048-8DDE-4A6D5DB1444E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{C1E7B4DC-6DAA-4197-86AD-2402F7B77FC3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C5ABA733-6162-4D23-BCFE-93E1C13743E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D4306AC8-3962-4E36-9836-04E4200CE382}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D45AD202-2554-4AB7-A82E-CA2F651CB163}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4B06294-732B-4131-BDB0-930092974D77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DC9E6640-A5BF-4ACA-8BA6-6316F1FDE6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |
"{DEC3D8C3-8AB4-4F78-AD5F-B72F2F47E17D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF2630BF-6ACD-4576-916E-B800EE18C53B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E088300B-D131-44BD-864B-1E1D1D690948}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{E82C1A43-2FF4-4D51-9C98-D0B50AA4999F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EC1C1E65-8F24-46FD-AB84-B3CCDB4FAC5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC2AF791-150C-4FBC-9986-0FF819996F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F14DC130-4983-47A3-AAF6-267162B54B33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F251DF85-DAA8-4330-AF04-E7466D904A4B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FCE85782-4A57-46EA-AF3D-B66C9E6921DC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{5660A6A4-6AC2-46DC-8CA8-22C7560EBFC7}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{98A669FD-74C0-42C0-AC6A-2A1A6B070293}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{A7BA97DD-1072-D308-572D-07FE97251A5F}" = ATI Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7F364C7-D626-85EE-D162-2D4F98B6435C}" = ccc-utility64
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0FBF1ACF-D04A-D6E7-D8BC-0FA4B2240ADD}" = Catalyst Control Center Localization Chinese Standard
"{12D64CE1-EC3C-5F31-10C1-59E1C75118D0}" = Skins
"{1C26E2F5-1BD2-A98C-B884-371A14CADA68}" = Catalyst Control Center Core Implementation
"{1C357AB8-42FB-8C16-D85C-182113227C3B}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240FE07E-2A08-DADA-F347-F285E89728FC}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3F7948F2-1DD2-1F76-756C-892D2BB6EC60}" = Catalyst Control Center Localization Italian
"{40196CDF-14BB-3513-0992-2CC5FF1A10C9}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{480065EF-6F1D-D076-5B7B-0583B7368F0D}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{62D62257-AFE9-1B5A-1E2E-B2D3C362F2BF}" = CCC Help Spanish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6C4BA523-0741-A046-6FB5-3E2AD1B04D63}" = CCC Help German
"{6E0C614F-C661-5927-7A2A-C8C1460AF978}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F15E73A-DB15-A9CA-CDCD-C8779F43D4A9}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95EA8E8F-E947-9811-31F0-923F0BAB543B}" = Catalyst Control Center Localization Portuguese
"{97ABE6F8-CB59-EA31-DA82-F2E67C84E9DD}" = CCC Help English
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE7ACE9F-C729-8CB0-F117-BAC5462C67AF}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5C8ABD5-7AA8-181F-18AC-B7551D65325E}" = Catalyst Control Center Localization French
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBAAFFD7-1BC7-EBBD-9ACC-F615E2CB3A9D}" = CCC Help Portuguese
"{D2998E9F-DDCB-71F0-887B-BD4D6709EB1B}" = Catalyst Control Center Graphics Full New
"{DABDC72A-7C98-502A-1649-7B81AE79085C}" = CCC Help Chinese Standard
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = All-in-One Submission 8.88
"{DFA89221-6DFA-9DA7-0F83-ECF5121F6877}" = Catalyst Control Center Localization Japanese
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E671920A-7534-D05E-F33C-3D566EAA1F93}" = Catalyst Control Center Localization Spanish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E79E2417-00F8-9EDE-60C7-D6887F42BD85}" = Catalyst Control Center Graphics Previews Vista
"{FFC2B2AE-5695-ABA9-D0BF-185573515CFF}" = CCC Help Italian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dungeon Keeper II" = Dungeon Keeper 2
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Steam App 3480" = Peggle Deluxe
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 440" = Team Fortress 2
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2010 8:40:59 PM | Computer Name = Lappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2010 8:41:18 PM | Computer Name = Lappy | Source = Application Error | ID = 1000
Description = Faulting application soffice.bin, version 3.2.9498.500, time stamp
0x4bf4c207, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783,
exception code 0xc000012f, fault offset 0x0006ecfb, process id 0x880, application
start time 0x01cb7e146e660965.

Error - 11/6/2010 8:43:35 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description =

Error - 11/6/2010 8:43:35 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description =

Error - 11/6/2010 8:43:42 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description =

Error - 11/6/2010 8:43:42 PM | Computer Name = Lappy | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description =

Error - 11/6/2010 8:49:19 PM | Computer Name = Lappy | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 11/5/2010 10:30:29 AM | Computer Name = Lappy | Source = Mcx2Prov | ID = 507
Description =

Error - 11/5/2010 10:30:29 AM | Computer Name = Lappy | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:24 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:13:43 PM | Computer Name = Lappy | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/19/2010 11:20:37 PM | Computer Name = Lappy | Source = HTTP | ID = 15016
Description =

Error - 10/19/2010 11:21:11 PM | Computer Name = Lappy | Source = Service Control Manager | ID = 7000
Description =

Error - 10/19/2010 11:27:51 PM | Computer Name = Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.


< End of report >
 
For some reason second section to OTL.txt did not post:


[2010/11/11 18:51:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000UA.job
[2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2010/11/11 18:24:37 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/11 18:24:37 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/11 18:24:37 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/11 18:18:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/11/11 18:18:53 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 18:18:53 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 18:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 18:18:40 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 20:56:05 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/10 20:32:03 | 002,565,432 | ---- | M] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
[2010/11/10 18:15:21 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2010/11/10 00:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000Core.job
[2010/11/09 23:37:43 | 000,061,034 | ---- | M] () -- C:\Users\Rich\Documents\cc_20101109_233731.reg
[2010/11/08 22:15:29 | 000,000,836 | ---- | M] () -- C:\Users\Rich\Desktop\KMPlayer.lnk
[2010/11/07 20:39:34 | 002,255,006 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/07 18:01:52 | 000,424,717 | ---- | M] () -- C:\Users\Rich\Documents\firefox bookmarks.html
[2010/11/07 18:01:00 | 000,396,292 | ---- | M] () -- C:\Users\Rich\Documents\chrome bookmarks.html
[2010/11/07 11:02:05 | 000,029,216 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\UserTile.png
[2010/11/06 18:16:02 | 000,081,920 | ---- | M] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 15:38:39 | 000,000,000 | ---- | M] () -- C:\Windows\iPlayer.INI
[2010/11/06 14:58:43 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/29 21:31:18 | 016,639,523 | ---- | M] () -- C:\Users\Rich\B.o.B feat. Hayley Williams and Eminem- Airplanes.mp3
[2010/10/29 16:54:52 | 000,172,227 | ---- | M] () -- C:\Users\Rich\Documents\wsdirect 10.29.csv
[2010/10/29 16:26:14 | 000,162,836 | ---- | M] () -- C:\Users\Rich\Documents\wsblog submiossion 10.29.csv
[2010/10/29 15:20:33 | 000,153,964 | ---- | M] () -- C:\Users\Rich\Documents\blog submission report 10.29.csv
[2010/10/29 13:41:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88 Scheduler.lnk
[2010/10/29 13:41:43 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88.lnk
[2010/10/27 17:28:17 | 000,001,944 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\All-in-One Submission 9.088.8.lnk
[2010/10/25 18:33:58 | 000,000,629 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Play League of Legends.lnk
[2010/10/24 17:23:35 | 000,019,442 | ---- | M] () -- C:\Users\Rich\Documents\anniversary 2010.odt
[2010/10/24 16:54:26 | 000,032,630 | ---- | M] () -- C:\Users\Rich\Documents\The Mechanic.odt
[2010/10/24 12:38:29 | 000,001,032 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/21 18:26:11 | 000,001,699 | ---- | M] () -- C:\Users\Rich\Desktop\Notepad.lnk
[2010/10/21 17:06:57 | 000,001,614 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/10/21 07:22:58 | 000,319,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/19 22:12:49 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/10/18 21:03:22 | 000,001,804 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/18 21:03:09 | 000,000,905 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2010/10/18 20:44:49 | 000,001,027 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/10/18 16:54:12 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/18 16:53:01 | 000,001,804 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/17 06:37:23 | 000,000,970 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/17 01:37:38 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/10/17 01:34:05 | 000,000,741 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/10/17 01:31:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/10/16 23:49:46 | 000,002,001 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/16 23:24:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/16 22:52:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Gateway_M-6888u_N-A_N1C9641000346.MRK
[2010/10/16 22:03:35 | 000,000,808 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/10/16 21:58:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Files Created - No Company Name ==========

[2010/11/11 18:18:40 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/10 20:56:05 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/10 20:32:05 | 002,565,432 | ---- | C] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
[2010/11/10 18:15:43 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2010/11/09 23:37:34 | 000,061,034 | ---- | C] () -- C:\Users\Rich\Documents\cc_20101109_233731.reg
[2010/11/09 21:32:45 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/08 22:15:29 | 000,000,836 | ---- | C] () -- C:\Users\Rich\Desktop\KMPlayer.lnk
[2010/11/07 21:11:41 | 000,270,720 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/11/07 20:39:16 | 002,255,006 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/07 20:38:44 | 000,557,938 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI4A08.txt
[2010/11/07 20:38:44 | 000,022,422 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI4A08.txt
[2010/11/07 20:38:44 | 000,010,566 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI4A09.txt
[2010/11/07 18:01:49 | 000,424,717 | ---- | C] () -- C:\Users\Rich\Documents\firefox bookmarks.html
[2010/11/07 18:01:00 | 000,396,292 | ---- | C] () -- C:\Users\Rich\Documents\chrome bookmarks.html
[2010/11/07 11:02:05 | 000,029,216 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\UserTile.png
[2010/11/06 15:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/11/06 14:58:43 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/29 21:30:43 | 016,639,523 | ---- | C] () -- C:\Users\Rich\B.o.B feat. Hayley Williams and Eminem- Airplanes.mp3
[2010/10/29 16:54:52 | 000,172,227 | ---- | C] () -- C:\Users\Rich\Documents\wsdirect 10.29.csv
[2010/10/29 16:26:14 | 000,162,836 | ---- | C] () -- C:\Users\Rich\Documents\wsblog submiossion 10.29.csv
[2010/10/29 15:20:33 | 000,153,964 | ---- | C] () -- C:\Users\Rich\Documents\blog submission report 10.29.csv
[2010/10/29 13:41:43 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88 Scheduler.lnk
[2010/10/29 13:41:43 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 8.88.lnk
[2010/10/29 13:41:40 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\dbrename7.exe
[2010/10/29 13:41:40 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\Recyfull7.ico
[2010/10/27 17:28:17 | 000,001,944 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\All-in-One Submission 9.088.8.lnk
[2010/10/26 16:58:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 16:58:55 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/25 18:33:58 | 000,000,629 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Play League of Legends.lnk
[2010/10/24 17:23:33 | 000,019,442 | ---- | C] () -- C:\Users\Rich\Documents\anniversary 2010.odt
[2010/10/24 12:40:43 | 000,032,630 | ---- | C] () -- C:\Users\Rich\Documents\The Mechanic.odt
[2010/10/24 12:38:29 | 000,001,032 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/23 02:01:50 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/10/23 02:01:38 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/10/23 02:01:34 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/10/23 02:01:34 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/10/23 02:01:33 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/10/23 02:01:13 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/10/22 16:43:18 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/10/22 16:43:18 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/10/22 16:43:17 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/10/22 16:43:17 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/10/22 16:43:17 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/10/21 18:26:11 | 000,001,699 | ---- | C] () -- C:\Users\Rich\Desktop\Notepad.lnk
[2010/10/21 17:06:57 | 000,001,614 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/10/21 16:59:05 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/10/21 16:58:40 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/10/21 16:58:40 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2010/10/21 16:58:40 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/10/21 16:58:40 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/10/21 16:58:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/10/21 16:58:39 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2010/10/21 16:58:33 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/10/21 07:03:19 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/10/19 22:12:49 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/10/19 22:08:11 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/10/19 22:07:59 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/10/19 22:04:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/10/19 22:03:56 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/10/19 22:03:56 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/10/19 21:58:44 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/19 21:58:44 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/10/19 21:58:40 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/10/19 21:58:39 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/10/19 21:58:39 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/10/19 17:31:22 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/10/19 17:30:37 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/10/19 17:30:33 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2010/10/19 17:30:26 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/10/19 17:30:26 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/10/19 17:30:26 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/10/19 17:30:26 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/10/19 17:30:26 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/10/19 17:30:26 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/10/19 17:30:26 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/10/19 17:30:25 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/10/19 17:30:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/10/19 17:29:49 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/10/19 17:29:34 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/10/19 17:29:33 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/10/19 17:29:33 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/10/19 17:29:29 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/10/19 17:29:17 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/10/19 17:28:48 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/10/19 17:28:40 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/10/19 17:28:36 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/10/19 17:28:29 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/10/19 17:28:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/10/19 17:28:17 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/10/19 17:28:16 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/10/19 17:28:16 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/10/19 17:28:11 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/10/19 17:28:08 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2010/10/19 17:28:04 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/10/19 17:28:04 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/10/19 17:27:58 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/10/19 17:27:55 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/10/19 17:27:55 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/10/19 17:27:53 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/10/19 17:27:49 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/10/19 17:27:47 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/10/19 17:27:43 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/10/19 17:27:28 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/10/19 17:27:26 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/10/19 17:27:23 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/10/19 17:27:18 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/10/19 17:27:02 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/10/19 17:26:59 | 010,624,512 | ---- | C] () -- C:\Windows\SysWow64\wmp.dll
[2010/10/19 17:26:55 | 008,147,456 | ---- | C] () -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/19 17:26:54 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/10/19 17:26:31 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/10/19 17:26:28 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/10/19 17:26:26 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/10/19 17:26:26 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/10/19 17:26:26 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/10/19 17:26:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/10/19 17:26:26 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/10/19 17:26:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/10/19 17:25:28 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/19 17:25:28 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/10/19 17:25:24 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/19 17:25:23 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/10/19 17:25:23 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/19 17:25:23 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/19 17:25:21 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/10/19 17:25:21 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/19 17:25:21 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/19 17:25:18 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/10/19 17:25:09 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/10/19 17:25:06 | 005,692,928 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/10/19 17:25:04 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/10/19 17:25:03 | 003,587,584 | ---- | C] () -- C:\Windows\SysWow64\mshtml.dll
[2010/10/19 17:25:02 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/10/19 17:25:02 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/10/19 17:25:01 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/10/19 17:24:59 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/10/19 17:24:59 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/10/19 17:24:59 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/19 17:24:58 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/10/19 17:24:57 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/10/19 17:24:57 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/10/19 17:24:57 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/10/19 17:24:56 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/10/19 17:24:56 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/10/19 17:24:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/19 17:24:55 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/10/19 17:24:55 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/10/19 17:24:55 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/10/19 17:24:40 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/10/19 17:24:35 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/10/19 17:24:32 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/10/19 17:24:24 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/10/19 17:24:24 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/10/19 17:24:24 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/10/19 17:24:23 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/10/19 17:24:23 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/10/19 17:24:23 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/10/19 17:24:20 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/10/19 17:23:53 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/10/19 17:23:52 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/10/19 17:23:52 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/10/19 17:23:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/10/19 17:23:51 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/10/19 17:23:51 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/10/19 17:23:51 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/10/19 17:23:51 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/10/19 17:23:15 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/10/19 17:23:12 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/10/19 17:23:11 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/10/19 17:23:08 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/10/19 17:23:05 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/10/19 17:23:05 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/10/19 17:23:03 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/10/19 17:23:01 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/10/19 17:22:39 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/10/19 17:22:37 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/10/19 17:22:37 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/10/19 17:22:37 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/10/19 17:22:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/10/19 17:22:34 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/10/19 17:22:29 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/10/19 17:22:27 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2010/10/19 17:22:24 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/10/19 17:22:23 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/10/19 17:22:22 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/10/19 17:22:22 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/10/19 17:22:22 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/10/19 17:22:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/10/19 17:22:22 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/10/18 21:03:22 | 000,001,804 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/18 21:03:09 | 000,000,905 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2010/10/18 20:44:49 | 000,001,027 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/10/18 16:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/18 16:53:01 | 000,001,804 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/18 16:41:23 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/10/18 16:41:22 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/10/18 16:33:28 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/10/18 16:33:28 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/10/18 16:33:28 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/10/18 16:33:27 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/10/18 16:33:15 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/10/18 16:33:15 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/10/18 16:33:15 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/10/18 16:33:04 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/10/18 16:33:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/10/17 19:41:30 | 000,428,078 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI356F.txt
[2010/10/17 19:41:30 | 000,012,138 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI356F.txt
[2010/10/17 18:56:44 | 003,851,784 | ---- | C] () -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/10/17 08:09:25 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2010/10/17 08:09:25 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/10/17 06:37:23 | 000,000,970 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/17 06:25:44 | 000,607,232 | ---- | C] () -- C:\Users\Rich\Documents\Person Motion Test 1.avi
[2010/10/17 06:25:43 | 002,394,112 | ---- | C] () -- C:\Users\Rich\Documents\Human Test 2.avi
[2010/10/17 06:25:43 | 002,393,808 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 6.avi
[2010/10/17 06:25:43 | 002,311,916 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 3.avi
[2010/10/17 06:25:43 | 001,458,968 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 4.avi
[2010/10/17 06:25:43 | 001,320,264 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 2.avi
[2010/10/17 06:25:43 | 001,190,614 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 1.avi
[2010/10/17 06:25:43 | 000,607,172 | ---- | C] () -- C:\Users\Rich\Documents\Stop Motion 5.avi
[2010/10/17 06:25:30 | 000,386,560 | ---- | C] () -- C:\Users\Rich\Documents\Motion 23.avi
[2010/10/17 06:25:23 | 000,081,920 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/17 01:35:11 | 001,603,584 | ---- | C] () -- C:\Windows\SysNative\stlang64.dll
[2010/10/17 01:35:11 | 000,119,296 | ---- | C] () -- C:\Windows\SysNative\stacsv64.exe
[2010/10/17 01:35:10 | 005,593,088 | ---- | C] () -- C:\Windows\SysNative\IDTSG64.cpl
[2010/10/17 01:34:40 | 000,620,544 | ---- | C] () -- C:\Windows\SysNative\stapo64.dll
[2010/10/17 01:34:40 | 000,364,544 | ---- | C] () -- C:\Windows\SysNative\stapi64.dll
[2010/10/17 01:34:40 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\stcplx64.dll
[2010/10/17 01:34:06 | 000,293,376 | ---- | C] () -- C:\Windows\SysNative\BtwRSupport.dll
[2010/10/17 01:34:05 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/10/17 01:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/16 23:49:46 | 000,002,001 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/16 23:46:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000UA.job
[2010/10/16 23:46:45 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595617421-2560146394-377733985-1000Core.job
[2010/10/16 23:24:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/16 22:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Gateway_M-6888u_N-A_N1C9641000346.MRK
[2010/10/16 22:49:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/10/16 22:49:23 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll
[2010/10/16 22:49:23 | 000,017,952 | ---- | C] () -- C:\Windows\SysNative\drivers\int15_64.sys
[2010/10/16 22:47:15 | 005,631,520 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2010/10/16 22:47:15 | 000,062,464 | ---- | C] () -- C:\Windows\SysNative\drivers\RTSTOR64.sys
[2010/10/16 22:47:15 | 000,038,660 | ---- | C] () -- C:\Windows\System\sd.ico
[2010/10/16 22:47:15 | 000,037,300 | ---- | C] () -- C:\Windows\System\cf.ico
[2010/10/16 22:47:15 | 000,037,041 | ---- | C] () -- C:\Windows\System\sm.ico
[2010/10/16 22:47:15 | 000,034,530 | ---- | C] () -- C:\Windows\System\ms.ico
[2010/10/16 22:47:15 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
[2010/10/16 22:43:14 | 000,000,258 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/16 22:43:14 | 000,000,240 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/16 22:03:35 | 000,000,808 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/10/16 21:58:49 | 000,121,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/10/16 21:58:49 | 000,020,048 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/10/16 21:58:48 | 000,051,280 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/10/16 21:58:48 | 000,028,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/10/16 21:58:47 | 000,061,008 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/10/16 21:58:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/10/16 21:58:25 | 000,426,230 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistMSI5014.txt
[2010/10/16 21:58:24 | 000,012,286 | ---- | C] () -- C:\Users\Rich\AppData\Local\dd_vcredistUI5014.txt
[2009/03/04 13:33:35 | 001,695,744 | ---- | C] () -- C:\Windows\SysWow64\gameux.dll
[2009/03/04 13:06:36 | 003,936,256 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dll
[2008/01/20 21:50:15 | 000,127,488 | ---- | C] () -- C:\Windows\SysWow64\aclui.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 21:49:00 | 002,226,688 | ---- | C] () -- C:\Windows\SysWow64\networkexplorer.dll

========== LOP Check ==========

[2010/10/19 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\DAEMON Tools Lite
[2010/10/18 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\LolClient
[2010/10/24 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\OpenOffice.org
[2010/11/07 11:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\PeerNetworking
[2010/11/08 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\uTorrent
[2010/11/10 21:01:11 | 000,026,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/03/04 13:09:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/11 18:18:40 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/03/04 15:32:38 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/11/10 18:15:21 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2010/11/10 18:17:31 | 000,000,227 | ---- | M] () -- C:\mbr.log
[2005/09/23 02:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/11/11 18:18:38 | 311,955,455 | -HS- | M] () -- C:\pagefile.sys
[2010/10/16 22:51:01 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/21 17:06:57 | 000,000,344 | -HS- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/10 20:32:03 | 002,565,432 | ---- | M] () -- C:\Users\Rich\Desktop\NTBR_CD.exe
[2010/11/11 18:45:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/16 22:45:40 | 000,000,402 | -HS- | M] () -- C:\Users\Rich\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Please, uninstall Wise Registry Cleaner.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService] File not found
O33 - MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\Shell\AutoRun\command - "" = G:\wdsync.exe -- File not found
O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell - "" = AutoRun
O33 - MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
[2010/10/16 23:44:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/10/16 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Symantec
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I've had an issue trying to install Java. The link doesn't allow me to auto detect what version I have so I downloaded the file manually. While installing I keep getting this error and it resets once I click ok:

Warning - Java(TM) Update
bin\net.dll: Old File not found. However, a file of the same name was found. No update done since file contents do not match.

Also, for some reason I can't find Wise Registry Cleaner in my programs under Control Panel and no Uninstall link is in start up so will have to do some searching for that.
 
Regrading Java....run JavaRa first.
Then, try updating.

Regarding Wise Registry Cleaner, probably just a a folder left in Program Files. Remove it.
 
I ran OTL and unfortunately I pasted the log into a the quick reply on here without clicking sending before running the other programs that needed a reboot. Would rerunning still give you the correct results, or is there a way to get the old results back? Also unfortunately the Security Check program is having the same problem DDS did with attempting to open Notepad but failing with an error saying it's not for 64-bit systems.
 
You can safely re-run OTL fix.

Right click on SecurityCheck.exe and click "Run As Administrator".
 
I tried running Security Check as Admin but it still shows same message when it attempts to open up Notebook so I'm unable to get that log. Here's the one for OTL. Will get online virus log soon.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eed668e-d9a2-11df-9104-000325249adc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1eed668e-d9a2-11df-9104-000325249adc}\ not found.
File G:\wdsync.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e12a464-e370-11df-a761-000325249adc}\ not found.
File G:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e12a464-e370-11df-a761-000325249adc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e12a464-e370-11df-a761-000325249adc}\ not found.
File G:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d129d577-dbf8-11df-8cd8-001f3cacead8}\ not found.
File E:\autorun.exe not found.
Folder C:\Users\Public\Documents\Symantec\ not found.
Folder C:\Users\Rich\AppData\Roaming\Symantec\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rich
->Temp folder emptied: 494517 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9364860 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 521 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mcx1

User: Public

User: Rich
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11122010_105020

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTD92DDX\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHK8EHZ1\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNGWUF52\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA8AHTNZ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 

Similar threads

zohaibahd
Ingenious DIY setup powers home for 8 years with over 1,000 repurposed laptop batteries
Replies
24
Views
3K
Mokona
M
Daniel Sims
Snapdragon 8 Elite arrives with Linux support, potentially unlocking PC gaming on phones and tablets
Replies
3
Views
254
Porkous
P
midian182
Call of Duty: Black Ops 6 PC system requirements revealed ahead of beta
Replies
2
Views
439
Lew Zealand
Lew Zealand

Latest posts

Back