Inactive [A] Another novice lookin' for help with sirefef.y

[MTshortstuff]

Hey guys. Like many others, my home computer got infected with Win64/sirefef.y today. I've browsed the threads you have made for other users, and I have followed the instructions up to the point where I can get the initial report from the Farbar Recovery Scan Tool. It seems like the action to take from here is unique to each infected computer, so I was wondering if I could get the 411 on my situation.

Here is the report. Thanks in advance guys

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 19:26:15
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m [1064808 2009-12-18] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
HKLM-x32\...\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [380416 2012-03-16] ()
HKLM-x32\...\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [392280 2012-03-14] (LG Electronics)
HKU\Betsy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-27] (Google Inc.)
HKU\Betsy\...\Run: [Ihotushi] C:\Users\Betsy\AppData\Roaming\Avatbo\myco.exe [307200 2010-09-28] (IconFX Software)
HKU\Betsy\...\Policies\system: [LogonHoursAction] 2
HKU\Betsy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Brandon\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Brandon\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-27] (Google Inc.)
HKU\Brandon\...\Run: [winupd] C:\Users\Brandon\AppData\Local\Temp:winupd.exe [x]
HKU\Brandon\...\Policies\system: [LogonHoursAction] 2
HKU\Brandon\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

==================== Services (Whitelisted) ======

3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIXÆ)
4 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)
2 uvnc_service_gs; "C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe" -service [1587536 2010-06-11] (UltraVNC)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

========================== Drivers (Whitelisted) =============

3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2011-03-02] (GEAR Software Inc.)
3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
1 jzagqzbv; \??\C:\Windows\system32\drivers\jzagqzbv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 19:26 - 2012-07-30 19:26 - 00000000 ____D C:\FRST
2012-07-30 16:48 - 2012-07-30 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14A7F2C64F543E3B
2012-07-30 16:44 - 2012-07-30 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E640E03D67A50D59
2012-07-30 14:55 - 2012-07-30 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5EC784F0D89CA26
2012-07-30 14:49 - 2012-07-30 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2F1680CCAE39D33
2012-07-30 14:46 - 2012-07-30 14:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B44364F8E12FF01
2012-07-30 14:39 - 2012-07-30 14:40 - 00001273 ____A C:\Users\Betsy\Desktop\shutdown.lnk
2012-07-30 14:23 - 2012-07-30 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5303699A6A8B0AC
2012-07-30 14:16 - 2012-07-30 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E1673C7590AEC7
2012-07-30 14:10 - 2012-07-30 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.895625ADFD36B12C
2012-07-30 14:06 - 2012-07-30 14:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-30 14:04 - 2012-07-30 14:05 - 12621696 ____A (Microsoft Corporation) C:\Users\Betsy\Downloads\mseinstall.exe
2012-07-30 14:02 - 2012-07-30 14:02 - 07866472 ____A (Microsoft Corporation) C:\Users\Betsy\Desktop\mseinstall.exe
2012-07-30 14:01 - 2012-07-30 14:01 - 00352976 ____A (Softonic) C:\Users\Betsy\Downloads\SoftonicDownloader_for_microsoft-security-essentials.exe
2012-07-30 13:44 - 2012-07-30 13:45 - 00000000 ___SD C:\32788R22FWJFW
2012-07-30 13:44 - 2012-07-30 13:45 - 00000000 ____D C:\Qoobox
2012-07-30 13:43 - 2012-07-30 13:44 - 04722436 ____R (Swearware) C:\Users\Betsy\Downloads\ComboFix.exe
2012-07-29 19:26 - 2012-07-29 20:04 - 00000480 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job
2012-07-29 19:26 - 2012-07-29 20:04 - 00000446 ____A C:\Windows\Tasks\PC Utility Kit Update3.job
2012-07-29 19:26 - 2012-07-29 20:04 - 00000444 ____A C:\Windows\Tasks\PC Utility Kit.job
2012-07-29 19:26 - 2012-07-29 19:26 - 00001199 ____A C:\Users\Betsy\Desktop\PC Utility Kit.lnk
2012-07-29 19:26 - 2012-07-29 19:26 - 00000000 ____D C:\Users\Betsy\AppData\Roaming\PC Utility Kit
2012-07-29 19:26 - 2012-07-29 19:26 - 00000000 ____D C:\Users\Betsy\AppData\Roaming\DriverCure
2012-07-29 19:26 - 2012-07-29 19:26 - 00000000 ____D C:\Users\All Users\PC Utility Kit
2012-07-29 19:26 - 2012-07-29 19:26 - 00000000 ____D C:\Program Files (x86)\PC Utility Kit
2012-07-18 07:01 - 2012-07-18 07:01 - 00226816 ____A C:\Users\Betsy\Documents\2012-13 MOA Registration Word Template.dot
2012-07-17 03:15 - 2012-07-17 16:17 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-11 09:41 - 2012-07-11 09:41 - 00104674 ____A C:\Users\Betsy\Downloads\decibel.zip
2012-07-11 09:41 - 2012-07-11 09:41 - 00000000 ____D C:\Users\Betsy\Downloads\decibel

============ 3 Months Modified Files ========================

2012-07-30 16:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 16:54 - 2009-07-13 20:51 - 00088478 ____A C:\Windows\setupact.log
2012-07-30 16:48 - 2012-07-30 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14A7F2C64F543E3B
2012-07-30 16:44 - 2012-07-30 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E640E03D67A50D59
2012-07-30 14:58 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-30 14:57 - 2010-01-31 18:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-30 14:55 - 2012-07-30 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5EC784F0D89CA26
2012-07-30 14:49 - 2012-07-30 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2F1680CCAE39D33
2012-07-30 14:46 - 2012-07-30 14:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B44364F8E12FF01
2012-07-30 14:40 - 2012-07-30 14:39 - 00001273 ____A C:\Users\Betsy\Desktop\shutdown.lnk
2012-07-30 14:23 - 2012-07-30 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5303699A6A8B0AC
2012-07-30 14:23 - 2009-07-13 21:13 - 00005202 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 14:16 - 2012-07-30 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E1673C7590AEC7
2012-07-30 14:16 - 2009-10-22 15:33 - 01377972 ___AH C:\Windows\WindowsUpdate.log
2012-07-30 14:11 - 2009-08-27 12:54 - 00235476 ____A C:\Windows\PFRO.log
2012-07-30 14:10 - 2012-07-30 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.895625ADFD36B12C
2012-07-30 14:06 - 2011-01-29 16:57 - 00005168 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-30 14:05 - 2012-07-30 14:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Betsy\Downloads\mseinstall.exe
2012-07-30 14:02 - 2012-07-30 14:02 - 07866472 ____A (Microsoft Corporation) C:\Users\Betsy\Desktop\mseinstall.exe
2012-07-30 14:01 - 2012-07-30 14:01 - 00352976 ____A (Softonic) C:\Users\Betsy\Downloads\SoftonicDownloader_for_microsoft-security-essentials.exe
2012-07-30 13:55 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 13:55 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 13:49 - 2010-01-31 18:32 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 13:44 - 2012-07-30 13:43 - 04722436 ____R (Swearware) C:\Users\Betsy\Downloads\ComboFix.exe
2012-07-29 20:04 - 2012-07-29 19:26 - 00000480 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job
2012-07-29 20:04 - 2012-07-29 19:26 - 00000446 ____A C:\Windows\Tasks\PC Utility Kit Update3.job
2012-07-29 20:04 - 2012-07-29 19:26 - 00000444 ____A C:\Windows\Tasks\PC Utility Kit.job
2012-07-29 20:04 - 2012-04-18 17:41 - 00002427 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-07-29 19:53 - 2012-01-23 19:20 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 19:30 - 2011-12-22 16:46 - 00002257 ___AH C:\Users\Brandon\Desktop\Jodix Free WMA to MP3 Converter.lnk
2012-07-29 19:30 - 2010-01-24 08:04 - 00002186 ___AH C:\Users\Brandon\Desktop\Magic DVD Ripper.lnk
2012-07-29 19:26 - 2012-07-29 19:26 - 00001199 ____A C:\Users\Betsy\Desktop\PC Utility Kit.lnk
2012-07-25 18:04 - 2009-12-07 13:32 - 00119912 ____A C:\Users\Betsy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-25 18:04 - 2009-07-13 20:45 - 00433080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-18 07:01 - 2012-07-18 07:01 - 00226816 ____A C:\Users\Betsy\Documents\2012-13 MOA Registration Word Template.dot
2012-07-17 16:17 - 2012-07-17 03:15 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-12 11:08 - 2011-08-09 12:40 - 00002307 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 09:41 - 2012-07-11 09:41 - 00104674 ____A C:\Users\Betsy\Downloads\decibel.zip
2012-07-03 11:46 - 2011-12-19 19:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

ZeroAccess:
C:\Windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}
C:\Windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\L
C:\Windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U

ZeroAccess:
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\@
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\L
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\n
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6109.14 MB
Available physical RAM: 5398.61 MB
Total Pagefile: 6107.29 MB
Available Pagefile: 5392.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:816.55 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.43 GB) NTFS
4 Drive g: (GROBELS) (Fixed) (Total:931.09 GB) (Free:927.67 GB) FAT32
5 Drive h: (BRENT HEIST) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
9 Drive l: () (Removable) (Total:0.95 GB) (Free:0.05 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 974 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 968 MB 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 916 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 916 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 512 B
Partition 2 Primary 931 GB 201 MB

==================================================================================

Disk: 1
Partition 1
Type : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 1
Partition 2
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G GROBELS FAT32 Partition 931 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 974 MB 0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 968 MB 124 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L FAT Removable 968 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-25 20:58

======================= End Of Log ==========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

 

[MTshortstuff]

You're a machine man! Sooo snappy with these replies!

My bad - Should've known to do that before posting. I've been around a lot of forums, but I know next to nothing about manual virus/malware removal haha.

It's doin' its thing...

Aight, here we go.

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 19:57:53
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-30 14:58] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[MTshortstuff]

I think I've done the first part right, but no guarantees. It's tellin' me "Fix completed. The 'Fixlog.txt' is saved in the same directory FRST is located."

Fixlog.txt says:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 20:13:46 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Betsy\Software\Microsoft\Windows\CurrentVersion\Run\\Ihotushi Value deleted successfully.
HKEY_USERS\Brandon\Software\Microsoft\Windows\CurrentVersion\Run\\winupd Value deleted successfully.
C:\Users\Betsy\AppData\Roaming\Avatbo\myco.exe moved successfully.
C:\Users\Brandon\AppData\Local\Temp:winupd.exe not found.
jzagqzbv service deleted successfully.
C:\Windows\system32\drivers\jzagqzbv.sys not found.
C:\Windows\System32\services.exe.14A7F2C64F543E3B moved successfully.
C:\Windows\System32\services.exe.E640E03D67A50D59 moved successfully.
C:\Windows\System32\services.exe.D5EC784F0D89CA26 moved successfully.
C:\Windows\System32\services.exe.E2F1680CCAE39D33 moved successfully.
C:\Windows\System32\services.exe.4B44364F8E12FF01 moved successfully.
C:\Users\Betsy\Desktop\shutdown.lnk moved successfully.
C:\Windows\System32\services.exe.A5303699A6A8B0AC moved successfully.
C:\Windows\System32\services.exe.16E1673C7590AEC7 moved successfully.
C:\Windows\System32\services.exe.895625ADFD36B12C moved successfully.
C:\Windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f} moved successfully.
C:\Users\Betsy\AppData\Local\{31fb4b83-073c-0c52-27fd-c725bde1cb8f} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Now I'm restarting normally...PC seems to be runnin' mighty fine man! None of that "Shuttin' down in one minute" jazz! I knew a man like you knew what he was doing haha.

Now I'm giving it a dose of ComboFix, seeing that I don't have the program. I can't promise anything, but I think all of my stuff is disabled.

Got it on the desktop, clicked it, and it's "preparing to run" and now it's creating a System Restore point. It's completing some stages, and now it's deleting a slew of files and folders. Rebooting now.

It's making the Log Report...Got it!

ComboFix 12-07-30.01 - Betsy 07/30/2012 20:31:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4891 [GMT -6:00]
Running from: c:\users\Betsy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Betsy\AppData\Roaming\Microsoft\~DFK78ff334b.tmp
c:\users\Betsy\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Betsy\AppData\Roaming\Microsoft\bass.dll
c:\users\Betsy\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Betsy\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Betsy\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Betsy\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Betsy\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Betsy\AppData\Roaming\Moasy
c:\users\Betsy\AppData\Roaming\Moasy\olegn.leu
c:\users\Betsy\g2mdlhlpx.exe
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\@
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U\00000001.@
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U\80000000.@
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U\800000cb.@
c:\windows\SysWow64\SET650F.tmp
c:\windows\SysWow64\SET6A7E.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 03:26 . 2012-07-31 03:26--------d-----w-C:\FRST
2012-07-31 02:37 . 2012-07-31 02:37--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-30 03:26 . 2012-07-30 03:26--------d-----w-c:\users\Betsy\AppData\Roaming\PC Utility Kit
2012-07-30 03:26 . 2012-07-30 03:26--------d-----w-c:\users\Betsy\AppData\Roaming\DriverCure
2012-07-30 03:26 . 2012-07-30 03:26--------d-----w-c:\program files (x86)\Common Files\PC Utility Kit
2012-07-30 03:26 . 2012-07-30 03:26--------d-----w-c:\programdata\PC Utility Kit
2012-07-30 03:26 . 2012-07-30 03:26--------d-----w-c:\program files (x86)\PC Utility Kit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 19:46 . 2011-12-20 03:4024904----a-w-c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBiterror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\BitTorrentBar\prxtbBiterror.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBiterror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Qwest Personal Digital Vault"="c:\program files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-03-17 380416]
"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-12-26 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 OV550I;35mm Film Scanner;c:\windows\system32\Drivers\FilmScan.sys [2008-02-22 196992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys [2009-10-13 48192]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 02:32]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 02:32]
.
2012-07-30 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-30 c:\windows\Tasks\PC Utility Kit Update3.job
- c:\program files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
.
2012-07-30 c:\windows\Tasks\PC Utility Kit.job
- c:\program files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF1770.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173612096216p0345v1l5k4851r258
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"=hex:51,66,7a,6c,4c,1d,38,12,09,52,2f,
00,89,4e,4a,06,d0,68,21,41,3a,f0,9e,db
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,
8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dc,78,a5,56,8d,5b,cd,01
.
[HKEY_USERS\S-1-5-21-3759343653-2838114903-552803618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3759343653-2838114903-552803618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-07-30 20:46:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 02:46
.
Pre-Run: 876,973,719,552 bytes free
Post-Run: 877,746,573,312 bytes free
.
- - End Of File - - 5152929C489B9D804ECF1E12BA8DB890
Correct me if I'm wrong, but because all of this worked I don't think the back half of your post is relevant to me.
Thanks a ton for your work so far man!

 

[Broni]

Looks good

Any visible issues?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[MTshortstuff]

I already have Malwarebytes. I'll update it and give 'er a spin.

Uh oh.

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Illegal operation attempted on a registry key that has been marked for deletion."

Earlier you said to reboot if I got this message. Should I go ahead and do so?

 

[Broni]

Yes.

 

[MTshortstuff]

Whoop whoop! Crisis averted. It's up and running now

Quick scanning...

It found one thing. I can't tell if it's relevant to sirefef.y though.

Here's the report.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Betsy :: GROBELS [administrator]

7/30/2012 9:11:16 PM
mbam-log-2012-07-30 (21-11-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223734
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Betsy\Downloads\SoftonicDownloader_for_microsoft-security-essentials.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

Restarted the thing, now I'm going over to OTL.
It downloaded just dandy and is doing the quick scan...
I'll post the files - it just takes a few posts!

 

[MTshortstuff]

OTL (1st half):

OTL logfile created on: 7/30/2012 9:23:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Betsy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 78.68% Memory free
11.93 Gb Paging File | 10.57 Gb Available in Paging File | 88.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 817.55 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
Drive E: | 931.09 Gb Total Space | 927.67 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive L: | 968.25 Mb Total Space | 51.78 Mb Free Space | 5.35% Space Free | Partition Type: FAT

Computer Name: GROBELS | User Name: Betsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 21:22:04 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Betsy\Downloads\OTL.exe
PRC - [2012/03/16 19:15:48 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/12 01:36:00 | 001,587,536 | ---- | M] (UltraVNC) -- C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe
PRC - [2009/12/18 14:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 15:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/16 19:15:48 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2011/10/14 03:29:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 03:29:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 03:29:16 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 03:29:12 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 03:29:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 03:29:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2009/12/18 14:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
MOD - [2009/12/18 14:58:32 | 000,275,784 | ---- | M] () -- C:\Program Files (x86)\Qwest Personal Digital Vault\SdbShared.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/12 17:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 17:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/12 01:36:00 | 001,587,536 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe -- (uvnc_service_gs)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 13:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:42:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/12 23:54:50 | 000,048,192 | ---- | M] (Gbridge LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gbridge64.sys -- (gbridge)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 04:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 14:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/02/22 00:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FilmScan.sys -- (OV550I)
DRV - [2011/03/02 05:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173612096216p0345v1l5k4851r258
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173612096216p0345v1l5k4851r258
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Rhapsody"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: 7digital@songbirdnest.com:1.9.6.2119
FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.10.2119
FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.6.2119
FF - prefs.js..extensions.enabledItems: concerts@songbirdnest.com:1.1.3.2119
FF - prefs.js..extensions.enabledItems: ewaacdec@songbirdnest.com:1.0.3.2119
FF - prefs.js..extensions.enabledItems: ewh264dec@songbirdnest.com:1.0.3.2119
FF - prefs.js..extensions.enabledItems: ewmp3enc@songbirdnest.com:1.0.6.2119
FF - prefs.js..extensions.enabledItems: ewmpeg4dec@songbirdnest.com:1.0.3.2119
FF - prefs.js..extensions.enabledItems: fileassociation@philips.com:5.6.0.1151
FF - prefs.js..extensions.enabledItems: gogear@songbirdnest.com:1.1.2.2119
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.9.6
FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.5.2119
FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.6.2119
FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.6.2119
FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.21.2119
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:5.6.0.2554
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:5.6.0.2555
FF - prefs.js..extensions.enabledItems: philips-likemusic@philips.com:5.6.0.1053
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:5.6.0.2552
FF - prefs.js..extensions.enabledItems: philips-promotions@philips.com:5.6.0.1151
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:5.6.0.2551
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:5.6.0.2552
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.9.6
FF - prefs.js..extensions.enabledItems: rhapsody@songbirdnest.com:1.1.0.2119
FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.9.2119
FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.9.2119
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Betsy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Betsy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Windows Media Player\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge

[2012/03/16 19:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Extensions
[2012/03/16 19:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/04/05 20:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/05 20:16:57 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/16 19:10:51 | 000,000,533 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Philips-Songbird\Profiles\io27lp1q.default\searchplugins\77daa569-cc41-41d0-bfd7-855a70e9be35.xml
[2012/03/16 19:18:23 | 000,000,503 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Philips-Songbird\Profiles\io27lp1q.default\searchplugins\7digital.xml
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\7DIGITAL@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS

 

[MTshortstuff]

OTL (2nd half):

SONGBIRD\EXTENSIONS\CONCERTS@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWAACDEC@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWH264DEC@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMP3ENC@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMPEG4DEC@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\FILEASSOCIATION@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GOGEAR@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MSC@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MTP@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips Branding) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (LikeMusic) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-LIKEMUSIC@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips Promotions) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-PROMOTIONS@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (rhapsody) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\RHAPSODY@SONGBIRDNEST.COM
[2012/03/16 19:15:59 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
[2012/03/16 19:17:43 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\USERS\BETSY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\IO27LP1Q.DEFAULT\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Betsy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Betsy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/30 20:39:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBiterror.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 21:26:09 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/30 20:46:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/30 20:39:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/30 20:29:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/30 20:29:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/30 20:29:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/30 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/30 16:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/30 16:06:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/30 15:44:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/30 15:43:59 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Betsy\Desktop\ComboFix.exe
[2012/07/29 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\PC Utility Kit
[2012/07/29 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2012/07/29 21:26:18 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit
[2012/07/29 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit
[2012/07/29 21:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2012/07/29 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit

========== Files - Modified Within 30 Days ==========

[2012/07/30 21:27:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 21:27:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 21:25:10 | 002,001,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 21:25:10 | 000,571,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 21:25:10 | 000,005,202 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 21:20:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 21:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 21:19:38 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 20:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 20:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/30 16:06:15 | 000,005,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/30 15:44:34 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Betsy\Desktop\ComboFix.exe
[2012/07/29 22:04:52 | 000,002,427 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/07/29 22:04:20 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2012/07/29 22:04:20 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2012/07/29 22:04:20 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job
[2012/07/29 21:53:30 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/29 21:26:18 | 000,001,199 | ---- | M] () -- C:\Users\Betsy\Desktop\PC Utility Kit.lnk
[2012/07/25 20:04:40 | 000,433,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 09:01:44 | 000,226,816 | ---- | M] () -- C:\Users\Betsy\Documents\2012-13 MOA Registration Word Template.dot
[2012/07/12 13:08:28 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 20:29:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/30 20:29:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/30 20:29:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/30 20:29:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/30 20:29:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 21:26:37 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2012/07/29 21:26:18 | 000,001,199 | ---- | C] () -- C:\Users\Betsy\Desktop\PC Utility Kit.lnk
[2012/07/29 21:26:18 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2012/07/29 21:26:17 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job
[2012/07/18 09:01:43 | 000,226,816 | ---- | C] () -- C:\Users\Betsy\Documents\2012-13 MOA Registration Word Template.dot
[2012/04/18 19:41:49 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/23 21:14:25 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~sk3V4Kj4jCFCWh
[2012/01/23 21:14:25 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~sk3V4Kj4jCFCWhr
[2012/01/23 21:14:23 | 000,000,336 | -H-- | C] () -- C:\ProgramData\sk3V4Kj4jCFCWh
[2012/01/09 22:13:14 | 000,012,976 | -HS- | C] () -- C:\Users\Betsy\AppData\Local\48fud25iil0773oqobc47vhemu8cl47nlr8e32y5g07vaw
[2012/01/09 22:13:14 | 000,012,976 | -HS- | C] () -- C:\ProgramData\48fud25iil0773oqobc47vhemu8cl47nlr8e32y5g07vaw
[2011/08/13 13:11:16 | 000,000,000 | ---- | C] () -- C:\Users\Betsy\AppData\Local\{D5397A64-FFEE-4099-81E9-A9AD86E90D26}
[2011/03/23 20:31:18 | 000,000,028 | -H-- | C] () -- C:\Windows\Robota.INI
[2011/03/23 16:15:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/01/29 18:57:15 | 000,005,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/29 14:07:48 | 000,002,799 | -H-- | C] () -- C:\Windows\SKLANG.INI
[2010/09/30 08:56:06 | 000,000,148 | ---- | C] () -- C:\Users\Betsy\.jupload.properties
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/13 10:48:43 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/06/02 21:22:54 | 000,003,584 | ---- | C] () -- C:\Users\Betsy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 11:15:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices
[2009/12/29 11:15:09 | 000,000,268 | RH-- | C] () -- C:\Users\Betsy\AppData\Roaming\Metadata Importer
[2009/12/29 11:15:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/29 11:15:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\PPD Plugins
[2009/12/16 09:44:04 | 000,061,678 | ---- | C] () -- C:\Users\Betsy\AppData\Roaming\PFP110JPR.{PB
[2009/12/16 09:44:04 | 000,012,358 | ---- | C] () -- C:\Users\Betsy\AppData\Roaming\PFP110JCM.{PB
[2009/12/12 11:40:42 | 000,000,098 | ---- | C] () -- C:\Users\Betsy\AppData\Roaming\wklnhst.dat
[2009/12/08 16:59:44 | 000,000,632 | RHS- | C] () -- C:\Users\Betsy\ntuser.pol

========== LOP Check ==========

[2009/12/28 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Amazon
[2012/07/29 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Apas
[2012/02/08 19:05:45 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Audacity
[2012/07/30 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Avatbo
[2012/04/22 20:12:12 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\BitTorrent
[2011/03/17 06:36:31 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/28 18:41:16 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2011/11/20 10:49:57 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/07/29 21:26:26 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2010/04/13 08:12:30 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Facebook
[2009/12/08 16:24:58 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Gbridge
[2011/03/13 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Leadertech
[2011/03/23 16:18:30 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\MAGIX
[2010/04/13 07:56:44 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Nikon
[2009/12/07 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Packard Bell
[2012/07/29 21:26:26 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\PC Utility Kit
[2012/03/16 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Philips
[2012/03/16 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Philips-Songbird
[2010/02/20 11:58:40 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Sony
[2009/12/12 11:40:53 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Template
[2012/04/06 12:50:14 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\TuneUpMedia
[2011/04/23 21:04:48 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Windows Live Writer
[2010/02/24 21:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Amazon
[2010/04/23 15:45:22 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Gbridge
[2011/03/23 16:38:18 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\MAGIX
[2010/10/30 15:58:48 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Nikon
[2010/02/20 13:25:31 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Sony
[2012/07/29 22:04:20 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Registration3.job
[2012/07/29 22:04:20 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Update3.job
[2012/07/29 22:04:20 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit.job
[2011/04/28 03:20:46 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 

[MTshortstuff]

Extras:

OTL Extras logfile created on: 7/30/2012 9:23:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Betsy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 78.68% Memory free
11.93 Gb Paging File | 10.57 Gb Available in Paging File | 88.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 817.55 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
Drive E: | 931.09 Gb Total Space | 927.67 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive L: | 968.25 Mb Total Space | 51.78 Mb Free Space | 5.35% Space Free | Partition Type: FAT

Computer Name: GROBELS | User Name: Betsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C91041E-406E-C082-0D03-75D4BC9C6CB0}" = Picaboo X
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}" = LG Verizon United Drivers
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED3866E9-4F50-4A47-9945-58D5C97AB56F}" = Media Go
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Gbridge" = Gbridge (remove only)
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"MAGIX Music Maker 16 Premium Download Version UK" = MAGIX Music Maker 16 Premium Download Version
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"NoteBurner_is1" = NoteBurner 2.30
"Philips Songbird" = Philips Songbird
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem90" = Adobe Premiere Elements 9
"TuneUpMedia" = TuneUp Companion 2.4.2.2
"vShare" = vShare Plugin
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WTA-a15cbcd9-fb4a-4944-b659-f86e1918a156" = Super Granny

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3759343653-2838114903-552803618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2012 2:48:48 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/3/2012 2:48:48 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/3/2012 2:48:48 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/3/2012 9:17:59 AM | Computer Name = Grobels | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16440, time
stamp: 0x4eb34def Exception code: 0xc0000005 Fault offset: 0x00000000002ed3ca Faulting
process id: 0xf88 Faulting application start time: 0x01cd591d345f59c2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 82020249-c511-11e1-85da-002511ad833d

Error - 7/4/2012 2:30:48 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 2:30:55 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 7/4/2012 2:31:59 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 2:31:59 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 2:32:00 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/4/2012 2:32:00 AM | Computer Name = Grobels | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 5/18/2010 8:20:26 PM | Computer Name = Grobels | Source = MCUpdate | ID = 0
Description = 6:20:26 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 12/30/2010 8:41:26 PM | Computer Name = Grobels | Source = MCUpdate | ID = 0
Description = 5:41:26 PM - Error connecting to the internet. 5:41:26 PM - Unable
to contact server..

Error - 12/30/2010 8:41:57 PM | Computer Name = Grobels | Source = MCUpdate | ID = 0
Description = 5:41:54 PM - Error connecting to the internet. 5:41:54 PM - Unable
to contact server..

[ System Events ]
Error - 7/30/2012 10:19:13 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 10:19:19 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/30/2012 10:19:57 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 10:19:57 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 10:35:23 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/30/2012 10:37:19 PM | Computer Name = Grobels | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/30/2012 10:38:09 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/30/2012 10:38:13 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/30/2012 10:39:40 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/30/2012 10:45:10 PM | Computer Name = Grobels | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [2012/07/30 21:26:09 | 000,000,000 | ---D | C] -- C:\FRST
  [2012/01/23 21:14:25 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~sk3V4Kj4jCFCWh
  [2012/01/23 21:14:25 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~sk3V4Kj4jCFCWhr
  [2012/01/23 21:14:23 | 000,000,336 | -H-- | C] () -- C:\ProgramData\sk3V4Kj4jCFCWh
  [2012/01/09 22:13:14 | 000,012,976 | -HS- | C] () -- C:\Users\Betsy\AppData\Local\48fud25iil0773oqobc47vhemu8cl47nlr8e32y5g07vaw
  [2012/01/09 22:13:14 | 000,012,976 | -HS- | C] () -- C:\ProgramData\48fud25iil0773oqobc47vhemu8cl47nlr8e32y5g07vaw
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.