Solved Unkown virus/malware uninstalling programs

Status
Not open for further replies.
monkeychef23

monkeychef23

Posts: 73   +4
Sorry for being on so late buuuut.....

I just realized that many of my programs are being uninstalled. It's really odd and extremely annoying. I am running spybot, malwarebytes, and antivir as we speak. If anyone wants the logs, I need them to tell me how to find them. If anyone has a quick solution that will not affect my computer configuration, please post it with instructions.

If someone does one of these things, I will reward them with one chocolate chip cookie and a glass of milk.

Thanks.
 
Alright,

so last night I was just playing some video games and looking at engadget (normal stuff), when I realized that the shortcut for Utorrent on my desktop was broken . I wasn't really sure what happened, so I looked through the entire computer to find it had been uninstalled. I started to research what it could have been, and within the course of an hour, three other programs had been uninstalled. Their folder is not present in any program files, and a search for the programs only comes up with their installers in My Downloads.

Today I booted the computer, couldn't open chrome, thunderbird, antivir, nothing. Everything came up with errors and crashes.

Anyway, I'm following the eight steps. I am currently running GMER in safe mode because I am not able to open any programs in normal mode. I will post my log later when it is done.
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I'm currently having a problem with gmer. After the scan finishes, the program stops responding. Other then that, malware bytes hasn't reported anything so far.

More importantly, is there a way to fix this non-responding issue?
 
Malware Bytes


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5289

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/10/2010 2:49:23 PM
mbam-log-2010-12-10 (14-49-23).txt

Scan type: Quick scan
Objects scanned: 198672
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Attach



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2009 3:31:50 PM
System Uptime: 1/20/2011 7:41:49 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP43T-USB3
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2333/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 155.828 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 550 GiB total, 0.017 GiB free.
G: is FIXED (NTFS) - 46 GiB total, 40.588 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Motorola Surfboard 5120 USB Cable Modem
Device ID: USB\VID_07B2&PID_5120\00137140FC31
Manufacturer:
Name: Motorola Surfboard 5120 USB Cable Modem
PNP Device ID: USB\VID_07B2&PID_5120\00137140FC31
Service:

==== System Restore Points ===================

RP479: 1/16/2011 5:00:22 PM - Windows Backup
RP480: 1/17/2011 5:00:20 PM - Windows Backup
RP481: 1/17/2011 11:51:53 PM - Installed Microsoft Mathematics (64-bit)
RP482: 1/17/2011 11:52:21 PM - Installed DirectX
RP483: 1/18/2011 3:32:31 PM - Installed XSplit
RP484: 1/18/2011 5:00:14 PM - Windows Backup
RP485: 1/19/2011 5:00:27 PM - Windows Backup
RP486: 1/19/2011 9:05:43 PM - Installed XSplit
RP487: 1/20/2011 5:00:22 PM - Windows Backup

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Android Manager WiFi
Android Screencast
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bandisoft MPEG-1 Decoder
Battlefield: Bad Company 2
Browser Configuration Utility
Call of Duty: World at War
Connect
CopyTrans Suite Remove Only
Counter-Strike: Source
Counter-Strike: Source Beta
D3DX10
Download Updater (AOL LLC)
Dropbox
Dyyno Broadcaster
Energy Saver Advance B9.0730.1
EVGA Precision 1.8.0
Fences
FLAC 1.2.1b (remove only)
FoxyTunes for Firefox
Freemake Video Converter version 1.3.0
Freemake Video Downloader version 2.0.1
Futuremark SystemInfo
Game Booster
Garry's Mod
GCalc 3
Gigabyte Raid Configurer
Glary Utilities 2.17.0.776
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hacker Evolution
Half-Life Dedicated Server Update Tool
ImgBurn
Internet TV for Windows Media Center
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
K-Lite Codec Pack 6.1.0 (Basic)
kuler
League of Legends
League of Legends - ACE Client by Matricus
Left 4 Dead 2
Malwarebytes' Anti-Malware
Microsoft Corporation
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
Mozilla Firefox (3.6.11)
Mozilla Firefox (4.0b1)
Mozilla Thunderbird (3.1.7)
Mp3tag v2.47b
MSVCRT
MSVCRT_amd64
Mumble and Murmur
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
OCCT Perestroika 3.1.0
OpenAL
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Poker Night at the Inventory
PunkBuster Services
QMC
Quicken 2009
QuickTime
Rainmeter (remove only)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon Deluxe
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shipping Assistant 3.6
Skype™ 4.1
Songbird 1.7.3 (Build 1700)
SpeedFan (remove only)
Spybot - Search & Destroy
StarCraft II
Steam
STORM
SugarSync Manager
Suite Shared Configuration CS4
Supreme Commander 2
System Protocol One
System Requirements Lab
Team Fortress 2
Team Fortress 2 Beta
TeamSpeak 3 Client
TeamViewer 6
TI Connect 1.6
Tom Clancy's H.A.W.X. 2
Ubisoft Game Launcher
Ubuntu
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Uplink
Ventrilo Server
Winamp
Winamp 5 Media Liabrary Import/Export (remove only)
Winamp Detector Plug-in
Winamp Remote
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Xfire (remove only)
XSplit

==== Event Viewer Messages From Past Week ========

1/20/2011 4:31:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/20/2011 12:35:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/20/2011 12:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/20/2011 12:18:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2011 12:18:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/20/2011 12:14:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 12:14:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 12:12:00 PM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The pipe has been ended.
1/20/2011 12:10:59 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 12:09:53 PM, Error: Service Control Manager [7034] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/20/2011 12:09:53 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 12:09:53 PM, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/20/2011 12:09:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 12:09:51 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 12:09:51 PM, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/20/2011 12:09:51 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/20/2011 12:09:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
1/20/2011 12:09:30 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2011 3:31:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003307165, 0xfffff880065a4c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011911-22698-01.
1/19/2011 3:31:21 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
1/15/2011 12:08:51 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
1/15/2011 12:06:50 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
1/15/2011 12:06:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
1/15/2011 12:06:49 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2011 3:34:33 PM, Error: NetBT [4300] - The driver could not be created.
1/13/2011 2:21:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000335f165, 0xfffff88006371c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011311-21512-01.
1/13/2011 2:20:04 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Josh\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

==== End Of File ===========================


DDS



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Josh at 19:47:19.05 on Thu 01/20/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6168 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\vVX3000.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Task Killer\TaskKiller.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Documents\Other and Programs\bin\TSVNCache.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Task Killer] C:\Program Files (x86)\Task Killer\TaskKiller.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [sbitunesagent] C:\Users\Josh\Documents\Songbird\songbirditunesagent.exe
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Dyyno Launcher] "C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
uRun: [C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run] "C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uExplorerRun: [Thunderbird Mail Client] C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
uExplorerRun: [chrome] C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
uExplorerRun: [mumble] C:\Users\Josh\Documents\Other and Programs\Mumble\mumble.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://68.39.100.29/DVROcxEx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {64F146E5-75E3-41E8-B13B-33D0BCC01771} = 167.206.245.12,167.206.245.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
IFEO: taskmgr.exe - C:\Program Files (x86)\Glary Utilities\procmgr.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [VX3000] C:\Windows\vVX3000.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Users\Josh\Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll
IFEO-X64: taskmgr.exe - C:\Program Files (x86)\Glary Utilities\procmgr.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.engadget.com/|http://gizmodo.com/
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}\components\MailUtil.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: GoogleTube: googletube@googletube.com - %profile%\extensions\googletube@googletube.com
FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: AOL Radio Toolbar: {6ad56361-628f-471b-8f9d-4c338973a87d} - %profile%\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlipClock: {cdd09450-7280-11de-8a39-0800200c9a66} - %profile%\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-18 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-28 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-28 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-28 83120]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-11-17 219360]
R2 Dyyno Launcher;Dyyno Service;C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe [2010-12-12 415072]
R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-11-17 68136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-20 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2228008]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-17 236544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-25 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-8-5 43728]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]

=============== Created Last 30 ================

2011-01-18 20:51:38 -------- d-----w- C:\Users\Josh\AppData\Local\PMB Files
2011-01-18 20:51:37 -------- d-----w- C:\PROGRA~3\PMB Files
2011-01-18 20:34:14 -------- d-----w- C:\PROGRA~3\SplitMediaLabs
2011-01-18 12:34:58 -------- d-----w- C:\Program Files (x86)\Graboid
2011-01-18 04:52:06 -------- d-----w- C:\Program Files\Microsoft Mathematics
2011-01-12 16:54:00 -------- d-----w- C:\opt
2011-01-11 19:41:42 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-01-09 00:55:32 -------- d-----w- C:\Users\Josh\AppData\Roaming\TS3Client
2011-01-09 00:55:20 -------- d-----w- C:\Users\Josh\AppData\Local\TeamSpeak 3 Client
2011-01-02 22:09:55 -------- d-----w- C:\Users\Josh\AppData\Local\TSVNCache
2011-01-02 00:42:34 -------- d-----w- C:\Users\Josh\AppData\Roaming\TortoiseSVN
2011-01-02 00:41:04 -------- d-----w- C:\Users\Josh\AppData\Roaming\Subversion
2011-01-02 00:39:49 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2010-12-28 16:34:56 -------- d-----w- C:\Users\Josh\AppData\Roaming\Avira
2010-12-28 16:31:55 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-28 16:31:54 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-28 16:31:54 -------- d-----w- C:\PROGRA~3\Avira
2010-12-28 16:07:54 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{957EF162-351F-493E-A609-2C17E2CF0BA7}\mpengine.dll

==================== Find3M ====================

2011-01-21 00:42:23 25640 ----a-w- C:\Windows\gdrv.sys
2011-01-19 18:51:50 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-01-19 18:51:50 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-01-19 18:50:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-14 07:33:52 735353 ----a-w- C:\Users\Josh\ace_uninstaller.exe
2010-12-23 22:51:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-11 22:00:18 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-12-02 23:10:06 99384 ----a-w- C:\Users\Josh\AppData\Roaming\inst.exe
2010-12-02 23:10:06 82816 ----a-w- C:\Users\Josh\AppData\Roaming\pcouffin.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 19:48:51.53 ===============
 
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/01/20 20:13:24.0873 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/20 20:13:24.0873 ================================================================================
2011/01/20 20:13:24.0873 SystemInfo:
2011/01/20 20:13:24.0873
2011/01/20 20:13:24.0873 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/20 20:13:24.0873 Product type: Workstation
2011/01/20 20:13:24.0873 ComputerName: LEIBFAM
2011/01/20 20:13:24.0873 UserName: Josh
2011/01/20 20:13:24.0873 Windows directory: C:\Windows
2011/01/20 20:13:24.0873 System windows directory: C:\Windows
2011/01/20 20:13:24.0874 Running under WOW64
2011/01/20 20:13:24.0874 Processor architecture: Intel x64
2011/01/20 20:13:24.0874 Number of processors: 4
2011/01/20 20:13:24.0874 Page size: 0x1000
2011/01/20 20:13:24.0874 Boot type: Normal boot
2011/01/20 20:13:24.0874 ================================================================================
2011/01/20 20:13:24.0874 Utility is running under WOW64
2011/01/20 20:13:30.0545 Initialize success
2011/01/20 20:13:33.0204 ================================================================================
2011/01/20 20:13:33.0204 Scan started
2011/01/20 20:13:33.0204 Mode: Manual;
2011/01/20 20:13:33.0204 ================================================================================
2011/01/20 20:13:34.0300 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/20 20:13:34.0332 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/20 20:13:34.0360 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/20 20:13:34.0416 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/01/20 20:13:34.0473 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/20 20:13:34.0510 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/20 20:13:34.0540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/20 20:13:34.0576 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/20 20:13:34.0607 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/20 20:13:34.0646 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/20 20:13:34.0661 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/20 20:13:34.0687 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/20 20:13:34.0715 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/20 20:13:34.0741 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/20 20:13:34.0766 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/20 20:13:34.0792 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/20 20:13:34.0847 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/01/20 20:13:34.0888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/20 20:13:34.0917 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/20 20:13:34.0961 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/20 20:13:34.0988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/20 20:13:35.0032 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/01/20 20:13:35.0067 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/01/20 20:13:35.0105 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/20 20:13:35.0148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/20 20:13:35.0192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/20 20:13:35.0242 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/20 20:13:35.0272 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/20 20:13:35.0293 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/20 20:13:35.0311 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/20 20:13:35.0342 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/20 20:13:35.0371 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/20 20:13:35.0393 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/20 20:13:35.0413 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/20 20:13:35.0436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/20 20:13:35.0469 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/20 20:13:35.0502 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/20 20:13:35.0525 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/20 20:13:35.0558 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/20 20:13:35.0630 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/20 20:13:35.0762 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/20 20:13:35.0910 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/01/20 20:13:35.0939 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/20 20:13:35.0963 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/20 20:13:35.0989 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/20 20:13:36.0037 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/01/20 20:13:36.0063 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/20 20:13:36.0085 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/20 20:13:36.0143 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/20 20:13:36.0188 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/20 20:13:36.0283 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/20 20:13:36.0379 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/20 20:13:36.0405 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/20 20:13:36.0444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/20 20:13:36.0473 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/20 20:13:36.0499 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/20 20:13:36.0535 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/20 20:13:36.0555 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/20 20:13:36.0592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/20 20:13:36.0618 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/01/20 20:13:36.0637 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/20 20:13:36.0706 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/01/20 20:13:36.0734 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/20 20:13:36.0788 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/20 20:13:36.0832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/20 20:13:36.0884 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/01/20 20:13:36.0943 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/20 20:13:37.0024 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/01/20 20:13:37.0044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/20 20:13:37.0087 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/01/20 20:13:37.0120 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/20 20:13:37.0141 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/20 20:13:37.0166 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/20 20:13:37.0192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/20 20:13:37.0236 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/20 20:13:37.0286 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/20 20:13:37.0324 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/01/20 20:13:37.0356 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/20 20:13:37.0399 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/20 20:13:37.0432 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/20 20:13:37.0483 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/20 20:13:37.0562 IntcAzAudAddService (49a81307e807c0eaad6510589dd92a3d) C:\Windows\system32\drivers\RTKVHD64.sys
2011/01/20 20:13:37.0603 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/20 20:13:37.0623 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/20 20:13:37.0642 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/20 20:13:37.0673 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/20 20:13:37.0703 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/01/20 20:13:37.0733 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/01/20 20:13:37.0752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/20 20:13:37.0773 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/20 20:13:37.0812 JRAID (db85fe8d6cbaa2047cb4da1b2c193d76) C:\Windows\system32\DRIVERS\jraid.sys
2011/01/20 20:13:37.0846 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/20 20:13:37.0872 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/20 20:13:37.0898 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/20 20:13:37.0947 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/20 20:13:37.0964 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/01/20 20:13:38.0009 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/20 20:13:38.0064 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/20 20:13:38.0089 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/20 20:13:38.0118 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/20 20:13:38.0143 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/20 20:13:38.0167 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/01/20 20:13:38.0196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/20 20:13:38.0219 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/20 20:13:38.0261 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/01/20 20:13:38.0294 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/20 20:13:38.0314 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/20 20:13:38.0351 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/20 20:13:38.0373 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/01/20 20:13:38.0402 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/20 20:13:38.0432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/20 20:13:38.0454 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/20 20:13:38.0497 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/20 20:13:38.0520 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/20 20:13:38.0563 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/20 20:13:38.0589 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/20 20:13:38.0621 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/20 20:13:38.0656 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/20 20:13:38.0679 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/20 20:13:38.0697 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/20 20:13:38.0732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/20 20:13:38.0757 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/20 20:13:38.0780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/20 20:13:38.0809 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/01/20 20:13:38.0840 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/20 20:13:38.0858 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/20 20:13:38.0878 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/20 20:13:38.0916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/20 20:13:38.0985 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/20 20:13:39.0033 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/01/20 20:13:39.0068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/20 20:13:39.0094 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/20 20:13:39.0121 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/20 20:13:39.0149 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/20 20:13:39.0169 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/01/20 20:13:39.0188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/20 20:13:39.0210 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/20 20:13:39.0276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/20 20:13:39.0327 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/20 20:13:39.0355 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/20 20:13:39.0406 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/01/20 20:13:39.0471 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/20 20:13:39.0533 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/01/20 20:13:39.0582 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/01/20 20:13:39.0833 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/01/20 20:13:39.0921 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/20 20:13:39.0949 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/20 20:13:39.0987 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/20 20:13:40.0020 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/20 20:13:40.0107 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/01/20 20:13:40.0130 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/01/20 20:13:40.0161 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/01/20 20:13:40.0183 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/20 20:13:40.0211 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/20 20:13:40.0272 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/01/20 20:13:40.0293 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/20 20:13:40.0328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/20 20:13:40.0442 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/20 20:13:40.0478 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/01/20 20:13:40.0514 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/20 20:13:40.0537 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/01/20 20:13:40.0584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/20 20:13:40.0624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/20 20:13:40.0657 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/20 20:13:40.0681 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/20 20:13:40.0694 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/20 20:13:40.0725 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/20 20:13:40.0761 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/20 20:13:40.0783 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/20 20:13:40.0812 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/20 20:13:40.0839 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/20 20:13:40.0863 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/20 20:13:40.0882 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/20 20:13:40.0942 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/20 20:13:40.0961 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/01/20 20:13:40.0992 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/01/20 20:13:41.0044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/20 20:13:41.0080 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/01/20 20:13:41.0113 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/20 20:13:41.0167 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/20 20:13:41.0213 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/20 20:13:41.0241 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/20 20:13:41.0271 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/01/20 20:13:41.0293 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/20 20:13:41.0354 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/20 20:13:41.0395 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/20 20:13:41.0436 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/20 20:13:41.0461 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/20 20:13:41.0502 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/20 20:13:41.0528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/20 20:13:41.0556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/20 20:13:41.0621 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/20 20:13:41.0686 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/20 20:13:41.0746 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/20 20:13:41.0803 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/20 20:13:41.0862 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/20 20:13:41.0892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/20 20:13:42.0019 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/20 20:13:42.0104 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/20 20:13:42.0148 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/20 20:13:42.0171 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/20 20:13:42.0192 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/20 20:13:42.0220 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/20 20:13:42.0262 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/20 20:13:42.0344 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
2011/01/20 20:13:42.0386 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/20 20:13:42.0425 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/20 20:13:42.0452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/20 20:13:42.0481 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/20 20:13:42.0529 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/20 20:13:42.0556 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/20 20:13:42.0579 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/20 20:13:42.0644 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/01/20 20:13:42.0677 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/01/20 20:13:42.0727 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
2011/01/20 20:13:42.0755 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/20 20:13:42.0798 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/20 20:13:42.0822 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
2011/01/20 20:13:42.0838 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/20 20:13:42.0868 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/20 20:13:42.0916 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
2011/01/20 20:13:42.0942 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/20 20:13:42.0970 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/20 20:13:42.0991 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/20 20:13:43.0016 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/20 20:13:43.0093 VBoxDrv (4fe30ec910ba4d18d1b0e51c7780053c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/01/20 20:13:43.0130 VBoxNetAdp (47499fe912f0b4e7664f8498f2906f0e) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/01/20 20:13:43.0157 VBoxNetFlt (032d3d3f93eef92fda895e87f28a0a0b) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/01/20 20:13:43.0208 VBoxUSB (c328afba2bbaf5ab3dcd2170910648e7) C:\Windows\system32\Drivers\VBoxUSB.sys
2011/01/20 20:13:43.0274 VBoxUSBMon (7a15bbaa003de45a8dba5e72fec0c704) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/01/20 20:13:43.0309 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/20 20:13:43.0345 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/20 20:13:43.0361 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/20 20:13:43.0390 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/20 20:13:43.0414 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/20 20:13:43.0438 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/20 20:13:43.0479 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/01/20 20:13:43.0509 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/20 20:13:43.0540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/20 20:13:43.0567 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/01/20 20:13:43.0653 VX3000 (e13b31e0ada64cf1513d993f436ca39d) C:\Windows\system32\DRIVERS\VX3000.sys
2011/01/20 20:13:43.0737 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/20 20:13:43.0775 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 20:13:43.0791 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 20:13:43.0870 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/01/20 20:13:43.0907 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/20 20:13:43.0969 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/20 20:13:43.0992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/20 20:13:44.0099 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/20 20:13:44.0137 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/20 20:13:44.0181 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/20 20:13:44.0224 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/01/20 20:13:44.0275 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/20 20:13:44.0706 ================================================================================
2011/01/20 20:13:44.0706 Scan finished
2011/01/20 20:13:44.0706 ================================================================================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP43T-USB3
Logical Drives Mask: 0x000000dc

Kernel Drivers (total 196):
0x03250000 \SystemRoot\system32\ntoskrnl.exe
0x03207000 \SystemRoot\system32\hal.dll
0x00B9F000 \SystemRoot\system32\kdcom.dll
0x00C3F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C83000 \SystemRoot\system32\PSHED.dll
0x00C97000 \SystemRoot\system32\CLFS.SYS
0x00CF5000 \SystemRoot\system32\CI.dll
0x00E80000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F24000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F33000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F8A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F93000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F9D000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FDD000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E71000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DB5000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DC5000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DDF000 \SystemRoot\system32\DRIVERS\jraid.sys
0x01036000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x01065000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01070000 \SystemRoot\system32\drivers\fltmgr.sys
0x010BC000 \SystemRoot\system32\drivers\fileinfo.sys
0x010D0000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01252000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010DC000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0113A000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0145E000 \SystemRoot\system32\drivers\ndis.sys
0x01550000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B0000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01601000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x011AD000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0144A000 \SystemRoot\System32\Drivers\spldr.sys
0x01452000 \SystemRoot\SysWOW64\speedfan.sys
0x0182C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01866000 \SystemRoot\System32\Drivers\mup.sys
0x01878000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01881000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018BB000 \SystemRoot\system32\DRIVERS\disk.sys
0x018D1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01937000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01961000 \SystemRoot\System32\Drivers\Null.SYS
0x0196A000 \SystemRoot\System32\Drivers\Beep.SYS
0x01971000 \SystemRoot\System32\drivers\vga.sys
0x0197F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019A4000 \SystemRoot\System32\drivers\watchdog.sys
0x019B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019BD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019C6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019CF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0181E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C9F000 \SystemRoot\system32\drivers\afd.sys
0x02D29000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D6E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D77000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D9D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DAC000 \SystemRoot\system32\DRIVERS\serial.sys
0x02DC9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DE4000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x02C00000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x02C30000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C44000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DF0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x019EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x015DB000 \SystemRoot\System32\drivers\discache.sys
0x01000000 \SystemRoot\System32\Drivers\dfsc.sys
0x015EA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03AA0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03AC2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03AE8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FE5E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10AF0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x10AF2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FE00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FE46000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03AFE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10BE6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03B78000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x10BF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03BA7000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03BE5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03A00000 \SystemRoot\system32\DRIVERS\parport.sys
0x03A1D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03A2A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03A3A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03A50000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03A74000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04072000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x040A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x040BC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x040DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x040F7000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x04119000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04128000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04137000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x0415E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04160000 \SystemRoot\system32\DRIVERS\ks.sys
0x041A3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04000000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0405A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x041B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0520F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x056EF000 \SystemRoot\system32\drivers\portcls.sys
0x0572C000 \SystemRoot\system32\drivers\drmk.sys
0x0574E000 \SystemRoot\system32\drivers\ksthunk.sys
0x05754000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05762000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0577B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05784000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x057A1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x057BE000 \SystemRoot\System32\drivers\Dxapi.sys
0x057CA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x057D8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x057E5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05600000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0560E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0561A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05623000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05636000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x05644000 \SystemRoot\system32\drivers\luafv.sys
0x05667000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05684000 \SystemRoot\system32\drivers\WudfPf.sys
0x056A5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x056BA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x041CA000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05E45000 \SystemRoot\system32\drivers\HTTP.sys
0x05F0D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05F2B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05F43000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05F70000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05FBE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05FE1000 \SystemRoot\System32\Drivers\adfs.SYS
0x0643C000 \SystemRoot\system32\drivers\peauth.sys
0x064E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x064ED000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0651A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0652C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06CD9000 \SystemRoot\System32\DRIVERS\srv.sys
0x06D6F000 \??\C:\Windows\gdrv.sys
0x06D78000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06C71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x776D0000 \Windows\System32\ntdll.dll
0x482A0000 \Windows\System32\smss.exe
0xFF9F0000 \Windows\System32\apisetschema.dll
0xFFC80000 \Windows\System32\autochk.exe
0xFF780000 \Windows\System32\iertutil.dll
0x778A0000 \Windows\System32\normaliz.dll
0xFF700000 \Windows\System32\difxapi.dll
0xFF5D0000 \Windows\System32\rpcrt4.dll
0xFF4F0000 \Windows\System32\oleaut32.dll
0xFE760000 \Windows\System32\shell32.dll
0xFE550000 \Windows\System32\ole32.dll
0xFE4B0000 \Windows\System32\clbcatq.dll
0xFE3A0000 \Windows\System32\msctf.dll
0xFE380000 \Windows\System32\imagehlp.dll
0xFE2E0000 \Windows\System32\comdlg32.dll
0x775D0000 \Windows\System32\user32.dll
0xFE290000 \Windows\System32\Wldap32.dll
0xFE260000 \Windows\System32\imm32.dll
0x77890000 \Windows\System32\psapi.dll
0xFE1F0000 \Windows\System32\gdi32.dll
0xFE010000 \Windows\System32\setupapi.dll
0xFDF90000 \Windows\System32\shlwapi.dll
0xFDEF0000 \Windows\System32\msvcrt.dll
0xFDEE0000 \Windows\System32\lpk.dll
0xFDD60000 \Windows\System32\urlmon.dll
0xFDD40000 \Windows\System32\sechost.dll
0xFDC70000 \Windows\System32\usp10.dll
0xFDB90000 \Windows\System32\advapi32.dll
0xFDA60000 \Windows\System32\wininet.dll
0xFDA10000 \Windows\System32\ws2_32.dll
0x774B0000 \Windows\System32\kernel32.dll
0xFDA00000 \Windows\System32\nsi.dll
0xFD890000 \Windows\System32\crypt32.dll
0xFD850000 \Windows\System32\wintrust.dll
0xFD7E0000 \Windows\System32\KernelBase.dll
0xFD7C0000 \Windows\System32\devobj.dll
0xFD780000 \Windows\System32\cfgmgr32.dll
0xFD6E0000 \Windows\System32\comctl32.dll
0xFD6D0000 \Windows\System32\msasn1.dll
0x77230000 \Windows\SysWOW64\normaliz.dll

Processes (total 84):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
432 csrss.exe
500 csrss.exe
508 C:\Windows\System32\wininit.exe
564 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\nvvsvc.exe
864 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
128 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\nvvsvc.exe
1176 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\spoolsv.exe
1404 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1424 C:\Windows\System32\svchost.exe
1544 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1572 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1592 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
1624 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1716 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1724 C:\Windows\System32\conhost.exe
1736 C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
1772 C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
1796 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
1816 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
1860 C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe
2032 C:\Windows\SysWOW64\PnkBstrA.exe
1108 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
296 C:\Windows\System32\svchost.exe
1284 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
1856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1520 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2180 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2712 WUDFHost.exe
2868 C:\Windows\System32\svchost.exe
2600 C:\Windows\System32\taskhost.exe
2840 C:\Windows\System32\dwm.exe
2104 C:\Windows\explorer.exe
3100 C:\Windows\System32\svchost.exe
3280 C:\Windows\vVX3000.exe
3288 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3336 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3628 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3656 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3664 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3684 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3692 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3700 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3708 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
3860 C:\Program Files (x86)\Task Killer\TaskKiller.exe
3984 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3188 C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
3204 C:\Windows\System32\SearchIndexer.exe
3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
164 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
1124 C:\Users\Josh\Documents\Other and Programs\bin\TSVNCache.exe
4064 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
2588 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2740 C:\Program Files (x86)\Winamp\winampa.exe
1148 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
3192 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3792 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3372 C:\Program Files\Windows Media Player\wmpnetwk.exe
4540 WmiPrvSE.exe
4548 C:\Windows\System32\svchost.exe
3800 dllhost.exe
5048 C:\Windows\System32\svchost.exe
4980 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
4512 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
4636 C:\Windows\SysWOW64\rundll32.exe
1692 C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
4248 C:\Windows\System32\audiodg.exe
5092 C:\Windows\System32\SearchProtocolHost.exe
4012 C:\Windows\System32\SearchFilterHost.exe
4296 C:\Users\Josh\Downloads\MBRCheck.exe
3076 C:\Windows\System32\conhost.exe
3328 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000070`80100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: WDCWD6400AAKS-07A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
596 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix 11-01-20.01 - Josh 01/20/2011 20:39:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6523 [GMT -5:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Josh\ace_uninstaller.exe
c:\users\Josh\AppData\Roaming\Dyyno
c:\users\Josh\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\Josh\AppData\Roaming\Dyyno\dyyno.xml
c:\users\Josh\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 01:44 . 2011-01-21 01:44 -------- d-----w- c:\users\Vikki\AppData\Local\temp
2011-01-21 01:01 . 2011-01-21 01:01 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-18 20:51 . 2011-01-19 17:17 -------- d-----w- c:\users\Josh\AppData\Local\PMB Files
2011-01-18 20:51 . 2011-01-18 20:51 -------- d-----w- c:\programdata\PMB Files
2011-01-18 20:34 . 2011-01-18 20:34 -------- d-----w- c:\programdata\SplitMediaLabs
2011-01-18 12:34 . 2011-01-18 12:35 -------- d-----w- c:\program files (x86)\Graboid
2011-01-18 04:52 . 2011-01-18 04:52 -------- d-----w- c:\program files\Microsoft Mathematics
2011-01-14 21:51 . 2011-01-14 21:51 -------- d-----w- c:\users\Vikki\AppData\Roaming\Winamp
2011-01-12 16:54 . 2011-01-12 16:54 -------- d-----w- C:\opt
2011-01-11 19:41 . 2011-01-11 19:41 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-09 00:55 . 2011-01-18 21:14 -------- d-----w- c:\users\Josh\AppData\Roaming\TS3Client
2011-01-09 00:55 . 2011-01-09 00:55 -------- d-----w- c:\users\Josh\AppData\Local\TeamSpeak 3 Client
2011-01-03 23:05 . 2011-01-03 23:05 -------- d-----w- c:\users\Andi\AppData\Roaming\Subversion
2011-01-03 20:55 . 2011-01-19 20:24 -------- d-----w- c:\users\Andi\AppData\Local\TSVNCache
2011-01-02 22:09 . 2011-01-21 00:43 -------- d-----w- c:\users\Josh\AppData\Local\TSVNCache
2011-01-02 00:42 . 2011-01-02 00:42 -------- d-----w- c:\users\Josh\AppData\Roaming\TortoiseSVN
2011-01-02 00:41 . 2011-01-02 00:41 -------- d-----w- c:\users\Josh\AppData\Roaming\Subversion
2011-01-02 00:39 . 2011-01-02 00:39 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-12-28 16:34 . 2010-12-28 16:34 -------- d-----w- c:\users\Josh\AppData\Roaming\Avira
2010-12-28 16:31 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-28 16:31 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 16:31 . 2010-12-28 16:31 -------- d-----w- c:\programdata\Avira
2010-12-28 16:31 . 2010-12-28 16:31 -------- d-----w- c:\program files (x86)\Avira
2010-12-28 16:07 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{957EF162-351F-493E-A609-2C17E2CF0BA7}\mpengine.dll
2010-12-23 22:52 . 2010-12-23 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-23 22:51 . 2010-12-23 22:51 -------- d-----w- c:\program files (x86)\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 00:42 . 2010-12-01 01:26 25640 ----a-w- c:\windows\gdrv.sys
2011-01-19 18:51 . 2010-06-17 01:42 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-19 18:51 . 2010-06-17 01:41 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-19 18:50 . 2010-06-17 01:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-12-23 22:51 . 2010-06-17 23:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-20 23:09 . 2010-12-10 19:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-10 19:39 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 22:00 . 2010-06-17 01:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-02 23:10 . 2010-09-10 01:42 82816 ----a-w- c:\users\Josh\AppData\Roaming\pcouffin.sys
2010-11-04 06:35 . 2010-12-16 04:48 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 04:48 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 04:48 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 04:48 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 04:48 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 04:48 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 04:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 04:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 04:48 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 04:48 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-16 04:48 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-16 04:48 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 04:48 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 04:48 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 04:48 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 04:48 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 04:48 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 04:48 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-16 04:48 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-16 04:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Task Killer"="c:\program files (x86)\Task Killer\TaskKiller.exe" [2007-11-04 221696]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"sbitunesagent"="c:\users\Josh\Documents\Songbird\songbirditunesagent.exe" [2010-06-09 266240]
"Google Update"="c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-03 136176]
"Dyyno Launcher"="c:\users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe" [2010-12-12 2151776]
"C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-01-10 1003576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-07 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\users\Vikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"amd_dc_opt"=c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-08-05 43728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 202960]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 53968]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Dyyno Launcher;Dyyno Service;c:\users\Josh\Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe [2010-12-12 415072]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 68136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 144720]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 164240]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2009-11-21 15:21]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 16:44]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25 16:44]

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 18:45]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 18:45]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2010-10-14 23:04 142336 ----a-w- c:\users\Josh\Documents\Other and Programs\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-01 762224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\users\Josh\Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {64F146E5-75E3-41E8-B13B-33D0BCC01771} = 167.206.245.12,167.206.245.11
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://68.39.100.29/DVROcxEx.cab
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.engadget.com/|http://gizmodo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: GoogleTube: googletube@googletube.com - %profile%\extensions\googletube@googletube.com
FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: AOL Radio Toolbar: {6ad56361-628f-471b-8f9d-4c338973a87d} - %profile%\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlipClock: {cdd09450-7280-11de-8a39-0800200c9a66} - %profile%\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Half-Life Dedicated Server Update Tool - c:\users\Josh\DOCUME~1\OTHERA~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Wubi - h:\ubuntu\uninstall-wubi.exe
AddRemove-Android Screencast - c:\windows\system32\javaws.exe
AddRemove-GCalc 3 - c:\windows\system32\javaws.exe
AddRemove-SugarSync - c:\program files (x86)\SugarSync\uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-20 20:46:59
ComboFix-quarantined-files.txt 2011-01-21 01:46

Pre-Run: 166,914,670,592 bytes free
Post-Run: 167,625,723,904 bytes free

- - End Of File - - 06016A1399505BBBE9AC4A1FE149BB55
 
Looks good now....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL

OTL logfile created on: 1/20/2011 9:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Josh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
18.00 Gb Paging File | 15.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 10000 100000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 157.98 Gb Free Space | 33.93% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 550.00 Gb Total Space | 0.02 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive G: | 46.17 Gb Total Space | 40.59 Gb Free Space | 87.91% Space Free | Partition Type: NTFS
Drive H: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: LEIBFAM | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2011/01/11 14:20:19 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/01/10 11:04:03 | 001,003,576 | ---- | M] (Google Inc.) -- C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/12 18:44:26 | 002,151,776 | ---- | M] () -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe
PRC - [2010/12/12 18:44:18 | 000,415,072 | ---- | M] () -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe
PRC - [2010/12/11 17:00:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/07 17:23:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/30 17:54:43 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/09 11:38:56 | 003,465,384 | ---- | M] (Thorvald Natvig) -- C:\Users\Josh\My Documents\Other and Programs\Mumble\mumble.exe
PRC - [2009/11/18 10:37:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/20 23:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/30 17:51:02 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/18 09:24:46 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/24 15:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/11 14:20:19 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/12 18:44:18 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Users\Josh\My Documents\Other and Programs\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010/12/11 17:00:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 09:23:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/30 17:51:02 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) [Auto | Running] -- C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe -- (OrbMediaService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/09 20:42:57 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/26 10:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 10:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/30 06:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 21:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 15:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/11/04 13:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2011/01/20 19:42:23 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/06/08 19:30:22 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B DA 7C 63 DE A6 CB 01 [binary data]
IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.engadget.com/|http://gizmodo.com/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.6046
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@meebo.com:1.1
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {cdd09450-7280-11de-8a39-0800200c9a66}:0.82
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.5


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 20:56:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/30 17:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\components [2010/07/06 17:25:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/13 22:18:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/07/21 14:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2010/02/21 13:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/21 14:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/10/10 12:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions
[2010/09/21 22:08:38 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010/08/18 14:00:16 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/02/03 19:23:15 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/09/21 22:08:38 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/09/01 21:30:18 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/08/18 14:00:16 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/09/21 22:08:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/21 22:08:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/09/21 22:08:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/26 19:35:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/14 16:31:29 | 000,000,000 | ---D | M] (FlipClock) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
[2010/08/18 14:00:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/15 19:10:21 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\chromifox@altmusictv.com
[2010/06/15 19:10:28 | 000,000,000 | ---D | M] (شريط أدوات Ùيس بوك) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\firefox@facebook.com
[2009/12/06 19:12:43 | 000,000,000 | ---D | M] (meebo) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\firefox@meebo.com
[2010/09/22 20:06:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\foxmarks@kei.com
[2010/06/15 19:10:28 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\googletube@googletube.com
[2010/09/21 22:08:37 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\nasanightlaunch@example.com
[2010/09/21 22:08:32 | 000,000,000 | ---D | M] (Office Black) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\Office2007Black@JBBS
[2009/12/07 21:01:09 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\redshift_V2@shift-themes.com
[2010/08/10 12:45:56 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/12/28 17:40:04 | 000,002,283 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdm61a.default\searchplugins\aol-search.xml
[2010/12/23 17:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/17 18:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 15:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/23 17:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/23 17:51:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/07 17:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [C:!Users!Josh!AppData!Local!Google!Chrome!User Data_service_run] C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [Dyyno Launcher] C:\Users\Josh\Documents\Other and Programs\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [sbitunesagent] C:\Users\Josh\My Documents\Songbird\songbirditunesagent.exe ()
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000..\Run: [Task Killer] C:\Program Files (x86)\Task Killer\TaskKiller.exe ()
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: New Application = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O7 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: steam = C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} http://68.39.100.29/DVROcxEx.cab (DVROcxEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Users\Josh\My Documents\Other and Programs\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/20 21:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/01/20 20:36:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/20 20:36:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/20 20:36:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/20 20:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/20 20:36:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/20 20:36:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/19 21:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/01/19 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACE
[2011/01/18 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\PMB Files
[2011/01/18 15:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/01/18 15:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/01/18 07:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2011/01/17 23:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
[2011/01/17 23:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2011/01/16 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Chrome Themes
[2011/01/16 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011/01/12 11:54:00 | 000,000,000 | ---D | C] -- C:\opt
[2011/01/11 14:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/01/08 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TS3Client
[2011/01/08 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/01/08 19:55:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TeamSpeak 3 Client
[2011/01/02 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TSVNCache
[2011/01/01 19:42:34 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TortoiseSVN
[2011/01/01 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Subversion
[2011/01/01 19:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011/01/01 19:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2011/01/01 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\My Games
[2010/12/28 11:34:56 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Avira
[2010/12/28 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2010/12/28 11:31:55 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/28 11:31:55 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/28 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/28 11:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/24 14:33:07 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Dyyno
[2010/12/23 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/23 17:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/12/23 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Alpha Server Config
[2010/09/09 20:42:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Josh\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/01/20 21:13:32 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/20 21:13:32 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/20 21:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/20 20:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000UA.job
[2011/01/20 20:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1633182106-547672266-1594137005-1000Core.job
[2011/01/20 20:01:34 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/20 19:43:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/20 19:43:20 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/01/20 19:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/20 19:42:00 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 15:31:28 | 458,483,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/19 13:51:50 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/01/19 13:51:50 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/19 13:50:27 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/01/19 13:00:19 | 000,001,838 | ---- | M] () -- C:\Users\Josh\Desktop\ACE LoL Client.lnk
[2011/01/19 11:49:56 | 000,001,190 | ---- | M] () -- C:\Users\Josh\Desktop\lol.launcher - Shortcut.lnk
[2011/01/18 17:19:01 | 000,784,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/18 17:19:01 | 000,663,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/18 17:19:01 | 000,122,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/18 15:33:01 | 000,001,252 | ---- | M] () -- C:\Users\Josh\Desktop\XSplit Broadcaster.lnk
[2011/01/17 23:57:11 | 000,000,173 | ---- | M] () -- C:\Users\Josh\AppData\Local\msmathematics.qat.Josh
[2011/01/17 15:27:40 | 000,013,659 | ---- | M] () -- C:\Users\Josh\Desktop\Roaming - Shortcut.lnk
[2011/01/17 12:04:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 14:29:12 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/01/12 11:41:11 | 000,001,095 | ---- | M] () -- C:\Users\Josh\Desktop\eclipse - Shortcut.lnk
[2011/01/12 10:58:38 | 000,002,391 | ---- | M] () -- C:\Users\Josh\Desktop\Google Chrome.lnk
[2011/01/11 15:07:10 | 000,000,890 | ---- | M] () -- C:\Users\Josh\Desktop\League of Legends - Shortcut.lnk
[2011/01/08 19:55:21 | 000,001,203 | ---- | M] () -- C:\Users\Josh\Desktop\TeamSpeak 3 Client.lnk
[2011/01/08 08:02:34 | 003,034,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/28 11:32:06 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/24 16:02:04 | 000,000,032 | ---- | M] () -- C:\Users\Josh\Documents\mineserver_201024.7z
[2010/12/24 14:30:20 | 000,001,119 | ---- | M] () -- C:\Users\Josh\Desktop\Dyyno Broadcaster.lnk

========== Files Created - No Company Name ==========

[2011/01/20 20:36:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/20 20:36:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/20 20:36:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/20 20:36:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/20 20:36:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/20 20:01:29 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/19 11:49:56 | 000,001,190 | ---- | C] () -- C:\Users\Josh\Desktop\lol.launcher - Shortcut.lnk
[2011/01/19 11:47:47 | 000,001,838 | ---- | C] () -- C:\Users\Josh\Desktop\ACE LoL Client.lnk
[2011/01/18 15:33:01 | 000,001,252 | ---- | C] () -- C:\Users\Josh\Desktop\XSplit Broadcaster.lnk
[2011/01/17 23:57:11 | 000,000,173 | ---- | C] () -- C:\Users\Josh\AppData\Local\msmathematics.qat.Josh
[2011/01/17 15:27:40 | 000,013,659 | ---- | C] () -- C:\Users\Josh\Desktop\Roaming - Shortcut.lnk
[2011/01/16 14:29:12 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/01/12 11:41:11 | 000,001,095 | ---- | C] () -- C:\Users\Josh\Desktop\eclipse - Shortcut.lnk
[2011/01/11 15:07:10 | 000,000,890 | ---- | C] () -- C:\Users\Josh\Desktop\League of Legends - Shortcut.lnk
[2011/01/08 19:55:21 | 000,001,203 | ---- | C] () -- C:\Users\Josh\Desktop\TeamSpeak 3 Client.lnk
[2010/12/28 11:32:06 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/24 16:01:54 | 000,000,032 | ---- | C] () -- C:\Users\Josh\Documents\mineserver_201024.7z
[2010/10/07 21:07:06 | 000,778,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/09 20:43:32 | 000,000,033 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.log
[2010/09/09 20:42:57 | 000,007,859 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.cat
[2010/09/09 20:42:57 | 000,001,167 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.inf
[2010/08/11 20:37:22 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010/07/13 17:01:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/03/08 15:13:58 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/01/28 20:31:26 | 000,000,279 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/18 22:36:21 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/18 22:36:21 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/10 17:26:04 | 000,003,584 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 10:46:42 | 000,007,597 | ---- | C] () -- C:\Users\Josh\AppData\Local\resmon.resmoncfg
[2009/11/24 17:29:17 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2009/11/22 12:22:33 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/19 21:50:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/17 15:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/28 13:13:46 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\PlayerDll.dll
[2009/08/28 13:13:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\DVRConfig.dll
[2009/08/28 13:13:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ResourceDll.dll
[2009/08/20 09:36:54 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\DVRTH264.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

========== LOP Check ==========
 
continued:


[2011/01/20 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2010/10/21 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Stardock
[2011/01/03 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Subversion
[2011/01/17 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\.minecraft
[2010/07/29 09:39:51 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Atari
[2010/01/12 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\CocoonSoftware
[2010/07/29 09:39:26 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Net
[2010/02/14 19:45:35 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Deusty
[2010/02/21 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Doomi.809F847005C7832B69625A614BB25CA209244440.1
[2010/11/02 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Dropbox
[2009/11/24 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FirstClass
[2010/07/30 16:22:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GlarySoft
[2010/12/02 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\HLSW
[2010/09/11 19:32:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ImgBurn
[2010/10/12 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\IObit
[2010/07/29 09:53:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Leadertech
[2010/10/09 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\leafChat
[2010/06/22 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LolClient
[2010/10/22 13:50:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mobile Action
[2010/09/10 14:21:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\MoveFab
[2010/07/26 09:25:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mp3tag
[2011/01/20 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mumble
[2010/06/14 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\oovooinstaller
[2010/03/11 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Opera
[2010/10/22 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Rainmeter
[2010/10/06 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Softpark
[2010/08/14 21:53:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Songbird2
[2010/06/14 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Stardock
[2011/01/01 19:41:04 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Subversion
[2010/01/24 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SystemRequirementsLab
[2010/12/14 17:33:59 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeamViewer
[2010/09/11 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeraCopy
[2010/02/21 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Thunderbird
[2011/01/18 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TS3Client
[2011/01/20 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2010/12/02 18:10:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Vso
[2010/07/29 18:09:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WindSolutions
[2010/02/22 15:10:31 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Thunderbird
[2011/01/20 19:43:20 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/01/03 15:54:26 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/20 20:46:59 | 000,027,807 | ---- | M] () -- C:\ComboFix.txt
[2009/11/17 15:41:38 | 000,000,197 | ---- | M] () -- C:\csb.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/01/20 19:42:00 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 19:40:04 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/11/17 15:40:37 | 000,000,190 | ---- | M] () -- C:\Install.log
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/01/20 19:42:10 | 1895,825,406 | -HS- | M] () -- C:\pagefile.sys
[2009/11/17 15:38:33 | 000,001,944 | ---- | M] () -- C:\RHDSetup.log
[2011/01/20 21:23:42 | 000,054,040 | ---- | M] () -- C:\service.log
[2011/01/20 20:14:13 | 000,062,196 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_20.01.2011_20.13.24_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/17 15:33:34 | 000,000,221 | -HS- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/07/21 16:02:56 | 000,812,544 | ---- | M] (Big Bang enterprises) -- C:\Users\Josh\Desktop\DoubleKiller.exe
[2009/12/19 15:42:30 | 002,170,856 | ---- | M] (CPUID) -- C:\Users\Josh\Desktop\Hardware Namer.exe
[2010/10/13 14:28:50 | 000,525,824 | ---- | M] () -- C:\Users\Josh\Desktop\MCLawl.exe
[2010/10/10 13:04:00 | 000,232,501 | ---- | M] () -- C:\Users\Josh\Desktop\Minecraft.exe
[2011/01/20 21:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2010/06/14 19:15:39 | 000,791,256 | ---- | M] () -- C:\Users\Josh\Desktop\Universal-USB-Installer-v1.6.4.exe
[2010/08/30 16:41:56 | 000,077,824 | ---- | M] (Lexar Media) -- C:\Users\Josh\Desktop\USB fixer.exe
[2010/07/13 17:24:56 | 002,668,544 | ---- | M] () -- C:\Users\Josh\Desktop\VirtualDub.exe
[2010/06/14 19:22:51 | 001,469,477 | ---- | M] () -- C:\Users\Josh\Desktop\wubi.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/02/21 13:08:20 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/02/21 13:08:20 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/02/21 13:08:20 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/02/21 13:08:20 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 09:10:44 | 000,000,402 | -HS- | M] () -- C:\Users\Josh\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/08 15:13:58 | 000,000,139 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE

< End of report >
 
Extras


OTL Extras logfile created on: 1/20/2011 9:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Josh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
18.00 Gb Paging File | 15.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 10000 100000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 157.98 Gb Free Space | 33.93% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 550.00 Gb Total Space | 0.02 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive G: | 46.17 Gb Total Space | 40.59 Gb Free Space | 87.91% Space Free | Partition Type: NTFS
Drive H: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: LEIBFAM | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{390239C9-8AB0-4E81-9E74-2020988D5582}" = MySQL Server 5.1
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CC95E3FF-822B-47CD-9B4D-C89536615461}" = Oracle VM VirtualBox 3.2.8
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money 2003
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money 2003 System Pack
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0730.1
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A824A87-5353-4964-8935-AF3CB72D9DEC}" = XSplit
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EDE1736D-94BA-0200-0000-000000000000}" = Android Manager WiFi
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F744201B-8229-4FBF-AF10-13BAFD02AF7C}" = STORM
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"ACE LoL Client" = League of Legends - ACE Client by Matricus
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dyyno Broadcaster" = Dyyno Broadcaster
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fences" = Fences
"FLAC" = FLAC 1.2.1b (remove only)
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Freemake Video Converter_is1" = Freemake Video Converter version 1.3.0
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.1
"Game Booster_is1" = Game Booster
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"ImgBurn" = ImgBurn
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mp3tag" = Mp3tag v2.47b
"Mumble" = Mumble and Murmur
"OCCT_is1" = OCCT Perestroika 3.1.0
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"Precision" = EVGA Precision 1.8.0
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Songbird-release-1700" = Songbird 1.7.3 (Build 1700)
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10090" = Call of Duty: World at War
"Steam App 1510" = Uplink
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 31280" = Poker Night at the Inventory
"Steam App 4000" = Garry's Mod
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 48160" = Tom Clancy's H.A.W.X. 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 550" = Left 4 Dead 2
"Steam App 58300" = System Protocol One
"Steam App 70100" = Hacker Evolution
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"Winamp" = Winamp
"Winamp5MLImpex" = Winamp 5 Media Liabrary Import/Export (remove only)
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = QMC
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-1633182106-547672266-1594137005-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2009/11/19 21:50:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-21-1633182106-547672266-1594137005-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Josh
->Temp folder emptied: 26093624 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 52858768 bytes
->Flash cache emptied: 2897 bytes

User: Louis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vikki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 9199738 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Andi
->Flash cache emptied: 0 bytes

User: AppData

User: Default

User: Default User

User: Josh
->Flash cache emptied: 0 bytes

User: Louis
->Flash cache emptied: 0 bytes

User: Public

User: Vikki
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.3 log created on 01202011_215759

Files\Folders moved on Reboot...
File move failed. C:\Users\Josh\AppData\Local\Temp\BITCB7D.tmp scheduled to be moved on reboot.
C:\Users\Josh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (4.0b1.) Firefox Out of Date!
Mozilla Thunderbird (3.1.7)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Josh Documents School Virus Info\SecurityCheck.exe
``````````End of Log````````````
 
Status
Not open for further replies.

Similar threads

N
Apple Silicon Macs review roundup: So it begins
Replies
12
Views
3K
sreams
S
Shawn Knight
Don't turn to Amazon (or anyone else) for a student loan
Replies
21
Views
3K
jamestyrone509
jamestyrone509
Matthew DeCarlo
Things I was unprepared for as a lead developer
Replies
3
Views
2K
Arris
A

Latest posts

Back