Solved Windows 7 explorer crashing/restarting

[tovette]

I've recently run into an issue where upon start up I get a windows explorer error saying that the Explorer has stopped working, then refreshes and 10 seconds later does it all over again into an endless loop. In some cases the explorer crashes altogether, system tray and all.

I've run malwarebytes, super antispyware as well as AVG scans and I've come up with issues to delete but after restarting the explorer issue is still present.

I restarted in safemode and the explorer worked fine. I also went into my configsys and removed all startup applications and that didn't work either.

My event viewer has labeled the error as this:

Log Name: Application
Source: Application Error
Date: 10/20/2010 12:34:50 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Nate-PC
Description:
Faulting application name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aebab8d
Faulting module name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aebab8d
Exception code: 0xc000041d
Fault offset: 0x000000000002cc2b
Faulting process id: 0x1500
Faulting application start time: 0x01cb70293e35daf0
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\Explorer.EXE
Report Id: 84ec9b50-dc1c-11df-82f4-001ec94ec4ca
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-10-20T07:34:50.000000000Z" />
<EventRecordID>6879</EventRecordID>
<Channel>Application</Channel>
<Computer>Nate-PC</Computer>
<Security />
</System>
<EventData>
<Data>Explorer.EXE</Data>
<Data>6.1.7600.16450</Data>
<Data>4aebab8d</Data>
<Data>Explorer.EXE</Data>
<Data>6.1.7600.16450</Data>
<Data>4aebab8d</Data>
<Data>c000041d</Data>
<Data>000000000002cc2b</Data>
<Data>1500</Data>
<Data>01cb70293e35daf0</Data>
<Data>C:\Windows\Explorer.EXE</Data>
<Data>C:\Windows\Explorer.EXE</Data>
<Data>84ec9b50-dc1c-11df-82f4-001ec94ec4ca</Data>
</EventData>
</Event>

Anyone have any suggestions?? I've exhausted everything I know so I'm stumped... :\

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[tovette]

Here is my log results from the 8 step...
--------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/20/2010 8:06:50 PM
mbam-log-2010-10-20 (20-06-50).txt

Scan type: Quick scan
Objects scanned: 137659
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Nate at 20:11:41.07 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6141.4076 [GMT -7:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
E:\Program Files\MozyHome\mozybackup.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Users\Nate\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Nate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSwa.sys [2010-4-30 27216]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-4-30 56008]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-4-30 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-4-30 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-4-30 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-4-30 317520]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-5-1 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-5-1 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-5-1 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-5-1 5897808]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-30 20968]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-4-30 4510504]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-4-30 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-4-30 35920]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-6-26 430152]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-1 1255736]

=============== Created Last 30 ================

2010-10-20 06:56:51 6637392 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-20 06:56:49 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{985C89A0-68EC-45CC-9063-36851EC7EC35}\mpengine.dll
2010-10-20 06:42:34 -------- d-----w- C:\Windows\pss
2010-10-20 05:52:05 -------- d-----w- C:\Users\Nate\AppData\Roaming\SUPERAntiSpyware.com
2010-10-20 05:52:05 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-20 05:52:00 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-20 05:51:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-20 03:28:32 -------- d-----w- C:\PROGRA~3\F-Secure
2010-10-13 07:36:12 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2010-09-29 10:00:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 06:27:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 06:27:36 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 06:27:31 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 06:27:31 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-25 17:16:06 -------- d-----w- C:\Program Files\iTunes
2010-09-25 17:16:06 -------- d-----w- C:\Program Files\iPod
2010-09-25 17:14:51 -------- d-----w- C:\Program Files\Bonjour

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-05 03:13:49 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-08-05 03:13:49 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 20:12:06.27 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2010 5:30:26 AM
System Uptime: 10/20/2010 8:00:35 PM (0 hours ago)

Motherboard: Dell Inc | | 0PP150
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3006/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 596 GiB total, 435.982 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 475.716 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 253.401 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 155.319 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP83: 10/19/2010 1:44:06 AM - Scheduled Checkpoint
RP84: 10/19/2010 11:56:34 PM - Windows Update

==== Installed Programs ======================

Acrobat.com
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3.4
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AhaView
Alien Swarm
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
AVG 9.0
Camtasia Studio 7
Crysis Warhead
DiRT 2
DVDSmith Movie Backup 1.0.5
EVE Online (remove only)
F.E.A.R. 2: Project Origin
Facebook Plug-In
Flotilla
FontCreator 5.6
Handbrake 0.9.4
HMA! Pro VPN 2.4.1
Impulse
Java(TM) 6 Update 17
Java(TM) 6 Update 7
JDownloader
Karen's Replicator
Left 4 Dead 2
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.11)
MSVCRT
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.0
PDF Settings
Pen Tablet
PunkBuster Services
QuickTime
RealPlayer
RealUpgrade 1.0
Resident Evil 5
Revo Uninstaller 1.89
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Sins of a Solar Empire
SmartFTP Client Setup Files 3.0 (x64) (remove only)
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Sony Media Manager 2.2
Sony Vegas 7.0
Star Trek Online
StarCraft II
Steam
The Chronicles of Riddick: Assault on Dark Athena
Torchlight
Vector Magic
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 0.9.9
Vuze
Vuze Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

10/20/2010 7:58:36 PM, Error: Service Control Manager [7034] - The AVG9IDSAgent service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 7:43:51 PM, Error: Microsoft-Windows-HttpEvent [15011] - Unable to create the error log file. Make sure that the error logging directory is correct.
10/20/2010 2:34:44 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TEMPLEMINI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{712CAB92-F5A4-4346-B36C-FF1BC022A2D3}. The master browser is stopping or an election is being forced.
10/20/2010 12:31:07 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
10/19/2010 8:32:29 PM, Error: Application Popup [1060] - \??\C:\Users\Nate\AppData\Local\Temp\OnlineScanner\Anti-Virus\f has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/19/2010 10:33:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2010 10:33:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2010 10:33:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2010 10:33:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/19/2010 10:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2010 10:33:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/19/2010 10:33:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache mozyFilter spldr Wanarpv6
10/18/2010 3:24:26 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/15/2010 3:08:44 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PC110204927262 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{712CAB92-F5A4-4346-B36C-FF1BC022A2D3}. The master browser is stopping or an election is being forced.
10/13/2010 3:48:44 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

==== End Of File ===========================

 

[Broni]

So far I don't see anything suspicious, but let's keep checking...

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, select Complete scan.
• Click the green arrow
  
  at the right, and the scan will start.
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click File and choose Save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• [color=5]Important![/color] Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

 

[tovette]

I did the DrWeb scan but the complete scan took 16 hours (4Tb hdd) and the log file I got is 370Mb, so I don't know how I'm supposed to post that...

Here is the MBRCheck log though...
-----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc
System Product Name: XPS 630i
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 214):
0x02E49000 \SystemRoot\system32\ntoskrnl.exe
0x02E00000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00C72000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB6000 \SystemRoot\system32\PSHED.dll
0x00CCA000 \SystemRoot\system32\CLFS.SYS
0x00D28000 \SystemRoot\system32\CI.dll
0x00E5F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F03000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F12000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F69000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F72000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F7C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FAF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FBC000 \SystemRoot\System32\drivers\partmgr.sys
0x00FD1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FED000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x00C29000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01082000 \SystemRoot\System32\drivers\mountmgr.sys
0x0109C000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010A5000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010CF000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x010FA000 \SystemRoot\system32\DRIVERS\storport.sys
0x0115C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01167000 \SystemRoot\system32\drivers\fltmgr.sys
0x011B3000 \SystemRoot\system32\drivers\fileinfo.sys
0x01232000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0143D000 \SystemRoot\System32\Drivers\cng.sys
0x014B0000 \SystemRoot\System32\drivers\pcw.sys
0x014C1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014CB000 \SystemRoot\system32\drivers\ndis.sys
0x01631000 \SystemRoot\system32\drivers\NETIO.SYS
0x01691000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x016BC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01706000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01716000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01762000 \SystemRoot\System32\Drivers\spldr.sys
0x0176A000 \SystemRoot\System32\drivers\rdyboost.sys
0x017A4000 \SystemRoot\System32\Drivers\mup.sys
0x017B6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x017BF000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x01623000 \SystemRoot\System32\Drivers\AVGIDSwa.sys
0x01413000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01200000 \SystemRoot\system32\DRIVERS\mozy.sys
0x01216000 \SystemRoot\System32\Drivers\Null.SYS
0x017F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x0121F000 \SystemRoot\System32\drivers\vga.sys
0x011C7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x013EF000 \SystemRoot\System32\drivers\watchdog.sys
0x011EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x011F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0105E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01067000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00C59000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01072000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x03C83000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03CA1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03CAE000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03CFF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03D44000 \SystemRoot\system32\drivers\afd.sys
0x03DCE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03C00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03C26000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03C35000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C50000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C64000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03C6E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03E0D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E5E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E75000 \SystemRoot\System32\drivers\discache.sys
0x03E84000 \SystemRoot\system32\drivers\csc.sys
0x03F07000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F25000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F36000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03F3E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03F85000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03FAB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FEED000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10B7F000
-----

 

[Broni]

and the log file I got is 370Mb

That would be tough to even upload somewhere.
Did it find anything?

MBRCheck log is incomplete. Please redo.

 

[tovette]

I'm not sure what to look for in the DrWeb log file..

Here is the MBRCheck log...

-----
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc
System Product Name: XPS 630i
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 216):
0x02E5D000 \SystemRoot\system32\ntoskrnl.exe
0x02E14000 \SystemRoot\system32\hal.dll
0x00BB5000 \SystemRoot\system32\kdcom.dll
0x00C3C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C80000 \SystemRoot\system32\PSHED.dll
0x00C94000 \SystemRoot\system32\CLFS.SYS
0x00CF2000 \SystemRoot\system32\CI.dll
0x00EF2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F96000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E13000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E46000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E7D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00ED9000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EE0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DB2000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x00C00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00DDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DF5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010A7000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010D1000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x010FC000 \SystemRoot\system32\DRIVERS\storport.sys
0x0115E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01169000 \SystemRoot\system32\drivers\fltmgr.sys
0x011B5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C8000 \SystemRoot\System32\Drivers\cng.sys
0x0153B000 \SystemRoot\System32\drivers\pcw.sys
0x0154C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C5000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01556000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x015A0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0169B000 \SystemRoot\System32\Drivers\spldr.sys
0x017B7000 \SystemRoot\System32\drivers\rdyboost.sys
0x016A3000 \SystemRoot\System32\Drivers\mup.sys
0x016B5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
0x017F1000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x01450000 \SystemRoot\System32\Drivers\AVGIDSwa.sys
0x01200000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x014B0000 \SystemRoot\system32\DRIVERS\mozy.sys
0x015EC000 \SystemRoot\System32\Drivers\Null.SYS
0x016BE000 \SystemRoot\System32\Drivers\Beep.SYS
0x013EE000 \SystemRoot\System32\drivers\vga.sys
0x0105E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01083000 \SystemRoot\System32\drivers\watchdog.sys
0x015F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01093000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0109C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x011C9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011D4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011E5000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x03C2C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03C4A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C57000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03CA8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03CED000 \SystemRoot\system32\drivers\afd.sys
0x03D77000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03D82000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03D8B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03DB1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03DC0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03DDB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DEF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03C00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03E2D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E7E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E8A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E95000 \SystemRoot\System32\drivers\discache.sys
0x03EA4000 \SystemRoot\system32\drivers\csc.sys
0x03F27000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F45000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F56000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03F5E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03FA5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03FCB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0481B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x053EC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0424C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04340000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04386000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04393000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0439E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04200000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04211000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x044DE000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0451C000 \SystemRoot\system32\DRIVERS\RT2500.sys
0x04557000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0457B000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
0x045DF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x045EF000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04400000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04419000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04422000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x04424000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0443A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0445E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0446A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04499000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x044B4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0421E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045F2000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x04238000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x053EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04800000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x044D5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05835000 \SystemRoot\system32\DRIVERS\ks.sys
0x05878000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x0587C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0588E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x058E8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x058F5000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x058FD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0590B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0592D000 \SystemRoot\system32\drivers\HdAudio.sys
0x05989000 \SystemRoot\system32\drivers\portcls.sys
0x059C6000 \SystemRoot\system32\drivers\drmk.sys
0x059E8000 \SystemRoot\system32\drivers\ksthunk.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x059EE000 \SystemRoot\System32\drivers\Dxapi.sys
0x05800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x0145A000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00760000 \SystemRoot\System32\ATMFD.DLL
0x008D0000 \SystemRoot\System32\cdd.dll
0x0580E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0581C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x03E00000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x03FE1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05826000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05920000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06080000 \SystemRoot\system32\drivers\luafv.sys
0x060A3000 \SystemRoot\system32\drivers\WudfPf.sys
0x060C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x060E1000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x060EC000 \SystemRoot\system32\drivers\usbaudio.sys
0x06107000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x06118000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06133000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
0x0613C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0616D000 \SystemRoot\System32\Drivers\LGPBTDD.sys
0x06178000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x06189000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x0619A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06000000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06053000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06066000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x061AF000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
0x061BB000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
0x06CF8000 \SystemRoot\system32\drivers\HTTP.sys
0x06DC0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06DDE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06C2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06C7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06C9E000 \??\C:\Windows\system32\drivers\cpuz133_x64.sys
0x074C6000 \SystemRoot\system32\drivers\peauth.sys
0x0756C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07577000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x075A4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07AB2000 \SystemRoot\System32\DRIVERS\srv.sys
0x07B48000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07B7E000 \SystemRoot\system32\drivers\spsys.sys
0x07BEF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x778F0000 \Windows\System32\ntdll.dll
0x47960000 \Windows\System32\smss.exe
0xFFC10000 \Windows\System32\apisetschema.dll
0xFF740000 \Windows\System32\autochk.exe
0xFFAD0000 \Windows\System32\wininet.dll
0xFF8C0000 \Windows\System32\ole32.dll
0xFF660000 \Windows\System32\iertutil.dll
0xFF5F0000 \Windows\System32\gdi32.dll
0xFF5D0000 \Windows\System32\imagehlp.dll
0xFF5C0000 \Windows\System32\nsi.dll
0xFF540000 \Windows\System32\shlwapi.dll
0x77AC0000 \Windows\System32\psapi.dll
0xFF3C0000 \Windows\System32\urlmon.dll
0x77AB0000 \Windows\System32\normaliz.dll
0xFF1E0000 \Windows\System32\setupapi.dll
0xFF190000 \Windows\System32\ws2_32.dll
0xFF160000 \Windows\System32\imm32.dll
0x777D0000 \Windows\System32\kernel32.dll
0xFF150000 \Windows\System32\lpk.dll
0xFF130000 \Windows\System32\sechost.dll
0xFF0E0000 \Windows\System32\Wldap32.dll
0xFF040000 \Windows\System32\msvcrt.dll
0x776D0000 \Windows\System32\user32.dll
0xFEF70000 \Windows\System32\usp10.dll
0xFEE60000 \Windows\System32\msctf.dll
0xFED80000 \Windows\System32\advapi32.dll
0xFECA0000 \Windows\System32\oleaut32.dll
0xFEB70000 \Windows\System32\rpcrt4.dll
0xFEAD0000 \Windows\System32\comdlg32.dll
0xFEA30000 \Windows\System32\clbcatq.dll
0xFDCA0000 \Windows\System32\shell32.dll
0xFDC20000 \Windows\System32\difxapi.dll
0xFDAB0000 \Windows\System32\crypt32.dll
0xFDA70000 \Windows\System32\wintrust.dll
0xFDA50000 \Windows\System32\devobj.dll
0xFDA10000 \Windows\System32\cfgmgr32.dll
0xFD9A0000 \Windows\System32\KernelBase.dll
0xFD900000 \Windows\System32\comctl32.dll
0xFD8F0000 \Windows\System32\msasn1.dll
0x77AA0000 \Windows\SysWOW64\normaliz.dll

Processes (total 112):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
364 csrss.exe
432 C:\Windows\System32\wininit.exe
448 csrss.exe
456 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
464 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
544 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
616 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
816 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
240 C:\Windows\System32\nvvsvc.exe
376 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\nvvsvc.exe
1540 C:\Windows\System32\wisptis.exe
1628 WUDFHost.exe
1676 WUDFHost.exe
1724 WUDFHost.exe
1764 C:\Windows\System32\svchost.exe
1920 C:\Windows\System32\spoolsv.exe
1952 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1344 C:\Windows\System32\svchost.exe
1564 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2008 C:\Users\Nate\AppData\Local\Temp\AMPing.exe
2088 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2112 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2168 C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
2196 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2256 E:\Program Files\MozyHome\mozybackup.exe
2324 C:\Windows\SysWOW64\PnkBstrA.exe
2344 C:\Windows\SysWOW64\PnkBstrB.exe
2376 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2456 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2480 E:\Program Files\MozyHome\mozybackup.exe
2664 C:\Windows\System32\svchost.exe
2688 C:\Windows\System32\Pen_Tablet.exe
2744 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3032 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
3092 C:\Program Files (x86)\AVG\AVG9\avgam.exe
3112 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
3308 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3824 C:\Windows\System32\SearchIndexer.exe
3936 C:\Windows\System32\taskhost.exe
4020 E:\Program Files\MozyHome\mozybackup.exe
3632 WUDFHost.exe
3640 C:\Windows\System32\wisptis.exe
3744 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
3768 C:\Windows\System32\svchost.exe
4100 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
4116 C:\Windows\System32\taskeng.exe
4148 C:\Windows\System32\dwm.exe
4312 C:\Windows\System32\rundll32.exe
4560 C:\Windows\System32\WTablet\Pen_TabletUser.exe
4688 C:\Windows\System32\Pen_Tablet.exe
4304 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
4912 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
4920 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
4928 C:\Program Files\Windows Sidebar\sidebar.exe
5080 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
5104 E:\Program Files\MozyHome\mozystat.exe
4132 C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
4628 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4636 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
4660 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
4764 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
4888 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
3060 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
2012 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
1380 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
1460 C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
1048 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
1100 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
5232 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4712 C:\Windows\System32\conhost.exe
5740 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
5996 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
1488 C:\Program Files\iPod\bin\iPodService.exe
5392 C:\Windows\System32\svchost.exe
5676 C:\Program Files (x86)\iTunes\iTunes.exe
5796 C:\Program Files\Windows Media Player\wmpnetwk.exe
6204 C:\Windows\System32\svchost.exe
6352 taskhost.exe
6848 WmiPrvSE.exe
6444 C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
1716 dllhost.exe
5692 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
6976 C:\Windows\System32\conhost.exe
4512 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
2728 C:\Windows\System32\conhost.exe
6988 C:\Windows\servicing\TrustedInstaller.exe
5616 C:\Windows\System32\sppsvc.exe
4268 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
6944 C:\Windows\System32\svchost.exe
5804 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1124 C:\Windows\System32\wbem\WMIADAP.exe
5472 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
196 C:\Users\Nate\Desktop\MBRCheck.exe
3244 C:\Windows\System32\conhost.exe
3252 C:\Windows\System32\SearchProtocolHost.exe
7036 C:\Windows\System32\SearchFilterHost.exe
4288 C:\Windows\explorer.exe
4208 C:\Windows\System32\dllhost.exe
2816 C:\Windows\System32\SearchProtocolHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-75A7B, Rev: 01.0
PhysicalDrive1 Model Number: WDC WD10EACS-00D6B0, Rev: 01.0
PhysicalDrive2 Model Number: WDC WD5000AACS-00ZUB, Rev: 01.0
PhysicalDrive7 Model Number: WDC WD10EACS-00D6B0, Rev:

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
931 GB \\.\PhysicalDrive7 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

[Broni]

You may try to upload DrWeb file to one of these places:
http://www.filesavr.com/
http://www.filedropper.com/
It'll take a while, so leave it overnight.
Post download link for me.

Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

• Place a blank CD in your CD drive.
• Double click on NTBR_CD.exe file and a folder of the same name will appear.
• Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
• Follow the prompts to burn the CD.

• Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
• If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

• Insert the newly created CD into your infected PC and reboot your computer.
• Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
• Read the warning and then continue as prompted.
• You first need to select your keyboard layout - press Enter for English.
• Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
• On the following screen enter 5 to select Install Standard MBR code.
• Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
• When asked to confirm please do so.
• Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
• Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

 

[tovette]

Will a blank DVD work instead a CD?

 

[Broni]

I'm not sure.
All you can do is to try.

 

[tovette]

Still working on the DrWeb log upload.
Here's the new MBRCheck log
---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc
System Product Name: XPS 630i
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 214):
0x03009000 \SystemRoot\system32\ntoskrnl.exe
0x035E5000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00C0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C4E000 \SystemRoot\system32\PSHED.dll
0x00C62000 \SystemRoot\system32\CLFS.SYS
0x00CC0000 \SystemRoot\system32\CI.dll
0x00E1D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EC1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED0000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F27000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F30000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F3A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F6D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F7A000 \SystemRoot\System32\drivers\partmgr.sys
0x00F8F000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00FA4000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E07000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D80000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00DD9000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01033000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0105D000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x01088000 \SystemRoot\system32\DRIVERS\storport.sys
0x010EA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010F5000 \SystemRoot\system32\drivers\fltmgr.sys
0x01141000 \SystemRoot\system32\drivers\fileinfo.sys
0x0125C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01155000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01485000 \SystemRoot\System32\Drivers\cng.sys
0x014F8000 \SystemRoot\System32\drivers\pcw.sys
0x01509000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0168D000 \SystemRoot\system32\drivers\ndis.sys
0x0177F000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01675000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01513000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01685000 \SystemRoot\System32\Drivers\spldr.sys
0x0155F000 \SystemRoot\System32\drivers\rdyboost.sys
0x017DF000 \SystemRoot\System32\Drivers\mup.sys
0x017F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01599000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015D3000 \SystemRoot\system32\DRIVERS\disk.sys
0x015E9000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x015F6000 \SystemRoot\System32\Drivers\AVGIDSwa.sys
0x01456000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0121A000 \SystemRoot\system32\DRIVERS\mozy.sys
0x01230000 \SystemRoot\System32\Drivers\Null.SYS
0x01239000 \SystemRoot\System32\Drivers\Beep.SYS
0x01240000 \SystemRoot\System32\drivers\vga.sys
0x011B3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x011D8000 \SystemRoot\System32\drivers\watchdog.sys
0x0124E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x011E8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x011F1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01000000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0100B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0101C000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x03C3E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03C5C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C69000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03CBA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03CFF000 \SystemRoot\system32\drivers\afd.sys
0x03D89000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03D94000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03DC3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03DD2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C00000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C14000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03C1E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03E6D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03EBE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03ECA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03ED5000 \SystemRoot\System32\drivers\discache.sys
0x03EE4000 \SystemRoot\system32\drivers\csc.sys
0x03F67000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F85000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F96000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03F9E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0482E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x04800000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0406C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04160000 \SystemRoot\System32\drivers\dxgmms1.sys
0x041A6000 \SystemRoot\system32\DRIVERS\fdc.sys
0x041B3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04056000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x041BE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0423F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0427D000 \SystemRoot\system32\DRIVERS\RT2500.sys
0x042B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x042DC000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
0x04340000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04350000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04353000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0436C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04375000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x04377000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0438D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043B1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043BD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0421B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x041CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x043EC000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x041E5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x041F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04802000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x056B9000 \SystemRoot\system32\DRIVERS\ks.sys
0x056FC000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x05700000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05712000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0576C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05779000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x05781000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0578F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05AFE000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05D5A000 \SystemRoot\system32\drivers\portcls.sys
0x05D97000 \SystemRoot\system32\drivers\drmk.sys
0x05DB9000 \SystemRoot\system32\drivers\ksthunk.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x05DBF000 \SystemRoot\System32\drivers\Dxapi.sys
0x05DCB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x05DD9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05DE7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00640000 \SystemRoot\System32\cdd.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x05A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A1D000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x05A28000 \SystemRoot\system32\drivers\usbaudio.sys
0x05A43000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05A5E000 \SystemRoot\system32\drivers\luafv.sys
0x05A81000 \SystemRoot\system32\drivers\WudfPf.sys
0x05AA2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05ABF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05ACD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x057B1000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x05AD7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05600000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05DE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05631000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05AEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05684000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0569C000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
0x03E3C000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
0x06C88000 \SystemRoot\system32\drivers\HTTP.sys
0x06D50000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06D6E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06D86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06C71000 \??\C:\Windows\system32\drivers\cpuz133_x64.sys
0x07423000 \SystemRoot\system32\drivers\peauth.sys
0x074C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x074D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07501000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07513000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07835000 \SystemRoot\System32\DRIVERS\srv.sys
0x078CB000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
0x078D4000 \SystemRoot\System32\Drivers\LGPBTDD.sys
0x078DF000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x078F0000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x07901000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x07912000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77680000 \Windows\System32\ntdll.dll
0x47BB0000 \Windows\System32\smss.exe
0xFF9A0000 \Windows\System32\apisetschema.dll
0xFF260000 \Windows\System32\autochk.exe
0xFF860000 \Windows\System32\rpcrt4.dll
0x77560000 \Windows\System32\kernel32.dll
0x77460000 \Windows\System32\user32.dll
0xFF7C0000 \Windows\System32\msvcrt.dll
0xFF720000 \Windows\System32\comdlg32.dll
0xFF610000 \Windows\System32\msctf.dll
0xFF590000 \Windows\System32\difxapi.dll
0xFF580000 \Windows\System32\lpk.dll
0x77850000 \Windows\System32\psapi.dll
0xFE7F0000 \Windows\System32\shell32.dll
0xFE7D0000 \Windows\System32\imagehlp.dll
0xFE730000 \Windows\System32\clbcatq.dll
0xFE600000 \Windows\System32\wininet.dll
0xFE420000 \Windows\System32\setupapi.dll
0x77840000 \Windows\System32\normaliz.dll
0xFE3D0000 \Windows\System32\ws2_32.dll
0xFE300000 \Windows\System32\usp10.dll
0xFE2E0000 \Windows\System32\sechost.dll
0xFE200000 \Windows\System32\oleaut32.dll
0xFE1F0000 \Windows\System32\nsi.dll
0xFDF90000 \Windows\System32\iertutil.dll
0xFDEB0000 \Windows\System32\advapi32.dll
0xFDE40000 \Windows\System32\gdi32.dll
0xFDDC0000 \Windows\System32\shlwapi.dll
0xFDD70000 \Windows\System32\Wldap32.dll
0xFDB60000 \Windows\System32\ole32.dll
0xFDB30000 \Windows\System32\imm32.dll
0xFD9B0000 \Windows\System32\urlmon.dll
0xFD990000 \Windows\System32\devobj.dll
0xFD8F0000 \Windows\System32\comctl32.dll
0xFD8B0000 \Windows\System32\wintrust.dll
0xFD740000 \Windows\System32\crypt32.dll
0xFD700000 \Windows\System32\cfgmgr32.dll
0xFD690000 \Windows\System32\KernelBase.dll
0xFD680000 \Windows\System32\msasn1.dll
0x75A10000 \Windows\SysWOW64\normaliz.dll

Processes (total 107):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
404 csrss.exe
464 C:\Windows\System32\wininit.exe
476 csrss.exe
484 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
492 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
556 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
672 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
720 C:\Windows\System32\winlogon.exe
1004 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\nvvsvc.exe
316 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\wisptis.exe
1420 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1548 WUDFHost.exe
1596 C:\Windows\System32\nvvsvc.exe
1688 WUDFHost.exe
1752 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\spoolsv.exe
1904 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2044 C:\Windows\System32\svchost.exe
1520 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1948 C:\Users\Nate\AppData\Local\Temp\AMPing.exe
1116 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2028 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2092 C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
2116 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2196 E:\Program Files\MozyHome\mozybackup.exe
2356 C:\Windows\SysWOW64\PnkBstrA.exe
2384 C:\Windows\SysWOW64\PnkBstrB.exe
2456 E:\Program Files\MozyHome\mozybackup.exe
2496 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2564 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2604 C:\Windows\System32\svchost.exe
2636 C:\Windows\System32\Pen_Tablet.exe
2688 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2992 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
3028 C:\Program Files (x86)\AVG\AVG9\avgam.exe
3056 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
3304 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3516 C:\Windows\System32\SearchIndexer.exe
3736 C:\Windows\System32\svchost.exe
3784 WUDFHost.exe
3212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3932 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
3952 WUDFHost.exe
4296 E:\Program Files\MozyHome\mozybackup.exe
4344 C:\Windows\System32\taskeng.exe
4368 C:\Windows\System32\wisptis.exe
4376 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
4388 C:\Windows\System32\dwm.exe
4396 C:\Windows\System32\taskhost.exe
4548 C:\Windows\explorer.exe
4596 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
4860 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
4868 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
4876 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4884 C:\Program Files\Windows Sidebar\sidebar.exe
4908 C:\Windows\System32\WTablet\Pen_TabletUser.exe
4984 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
5068 E:\Program Files\MozyHome\mozystat.exe
5088 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5096 C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
4120 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
4128 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4108 C:\Windows\System32\Pen_Tablet.exe
4260 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3172 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
2336 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
4812 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
4200 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
5036 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
5064 C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
3228 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
5016 C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
5568 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
5680 C:\Windows\System32\conhost.exe
5804 C:\Program Files\iPod\bin\iPodService.exe
6020 C:\Program Files (x86)\iTunes\iTunes.exe
3836 C:\Program Files\Windows Media Player\wmpnetwk.exe
6044 C:\Windows\System32\svchost.exe
3020 C:\Windows\System32\svchost.exe
5852 WmiPrvSE.exe
6504 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
6824 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
6964 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
7004 C:\Windows\System32\conhost.exe
6768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
6788 C:\Windows\System32\conhost.exe
6572 taskhost.exe
192 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
6612 C:\Windows\System32\conhost.exe
6700 dllhost.exe
3704 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5528 C:\Users\Nate\Desktop\MBRCheck.exe
5836 C:\Windows\System32\conhost.exe
3684 C:\Windows\System32\dllhost.exe
1172 C:\Windows\System32\sppsvc.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-75A7B, Rev: 01.0
PhysicalDrive1 Model Number: WDC WD10EACS-00D6B0, Rev: 01.0
PhysicalDrive2 Model Number: WDC WD5000AACS-00ZUB, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D4B3B62F609601336788D00CE203BC3CFEAFD2B6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

[Broni]

It looks good now

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[tovette]

Here is the OTL.txt log
---

OTL logfile created on: 10/21/2010 10:29:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/21 22:28:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\My Documents\Saves\OTL.exe
PRC - [2010/10/20 00:26:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/20 00:26:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/29 09:36:21 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/24 02:10:48 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010/09/20 09:13:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/31 21:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/13 13:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/08/04 20:13:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/20 09:45:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
PRC - [2010/06/26 20:20:43 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/06/26 20:20:37 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/26 01:50:47 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/26 01:50:47 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/26 01:50:46 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/06/26 01:50:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/26 01:50:22 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/04/14 12:13:34 | 001,017,328 | ---- | M] (Karen Kenworthy) -- C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe


========== Modules (SafeList) ==========

MOD - [2010/10/21 22:28:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\My Documents\Saves\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 20:14:16 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/04 20:13:49 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
MOD - [2010/08/04 20:13:49 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/01 15:37:30 | 004,510,504 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/09/20 09:13:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 09:45:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/09 12:51:00 | 000,028,480 | R--- | M] (Automated Programming Technologies, Inc.) [Auto | Running] -- C:\Users\Nate\AppData\Local\Temp\AMPing.exe -- (AMPingService)
SRV - [2010/06/26 20:20:43 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/06/26 20:20:37 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/26 01:50:47 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/26 01:50:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/30 16:26:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/11 16:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/12 17:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/26 01:50:49 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/06/26 01:50:47 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/26 01:50:47 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/26 01:50:47 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/05/31 06:08:36 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/05/05 15:56:36 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2010/05/01 09:38:54 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/04/30 17:27:16 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/15 12:11:40 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2007/05/11 17:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere MP(UVC)
DRV:64bit: - [2007/05/11 17:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 17:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/06/01 22:39:08 | 000,215,552 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV - [2010/06/26 01:50:47 | 000,132,688 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys -- (AVGIDSDriverw7a)
DRV - [2010/06/26 01:50:47 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys -- (AVGIDSFilterw7a)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1B 98 67 08 44 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/20 09:14:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/08 00:15:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/04 20:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/21 20:07:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/21 21:31:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/20 00:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 20:30:03 | 000,000,000 | ---D | M]

[2010/04/30 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
[2010/08/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\extensions
[2010/06/04 18:11:23 | 000,001,832 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\16ulwfx2.default\searchplugins\bing.xml
[2010/10/21 20:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.CFHD - C:\Windows\SysWow64\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/21 21:06:40 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\NTBR_CD
[2010/10/21 20:49:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/21 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/21 20:49:32 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/21 20:49:32 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/21 20:49:32 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/21 20:49:32 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/21 20:49:31 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/21 20:49:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/21 20:49:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/21 20:49:31 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2010/10/21 20:49:31 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/21 20:49:31 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/21 20:49:31 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/21 20:49:31 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2010/10/21 20:49:31 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2010/10/21 20:49:31 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/21 20:49:31 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2010/10/21 20:49:30 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/21 20:49:30 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010/10/21 20:49:30 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010/10/21 20:49:30 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010/10/21 20:49:30 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/21 20:49:29 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/10/21 20:49:29 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/10/21 20:49:29 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/10/21 20:49:29 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/10/21 20:49:29 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/10/21 20:49:29 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/10/21 20:49:29 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/21 20:49:29 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/10/21 20:49:29 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/10/21 20:49:29 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/10/21 20:49:29 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/10/21 20:49:29 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/10/21 20:49:29 | 000,123,104 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/10/21 20:49:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/21 20:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/21 20:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/21 20:46:50 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/10/21 20:22:00 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/10/21 20:22:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/10/21 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2010/10/21 20:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/21 20:07:13 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\PC_Drivers_Headquarters
[2010/10/21 20:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/10/21 20:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2010/10/21 20:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2010/10/20 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nate\DoctorWeb
[2010/10/20 20:18:10 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)
[2010/10/20 19:57:14 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
[2010/10/19 23:42:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/19 22:52:05 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/19 22:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/19 22:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/19 22:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/19 20:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/10/13 00:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
[2010/10/02 09:11:11 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\FLip Vidoes
[2010/09/29 19:51:24 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Adobe
[2010/09/25 10:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/25 10:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/25 10:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/22 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\DS9
[2010/09/05 01:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nate\Star Trek Online
[2010/09/04 20:43:51 | 000,000,000 | ---D | C] -- C:\Star Trek Cryptic Trial ST.5.20100715a.6
[2010/09/03 01:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/01 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\aychjqgws
[2010/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
[2010/08/28 18:12:47 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\Windows Server
[2010/08/26 22:33:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\TechSmith
[2010/08/26 22:29:40 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Camtasia Studio
[2010/08/26 22:29:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/08/26 22:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/08/26 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Any Video Converter
[2010/08/26 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\AnvSoft
[2010/08/26 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2010/08/26 03:02:10 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\WMTools Downloaded Files
[2010/08/26 02:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/08/25 19:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/25 12:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/21 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/13 09:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/13 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/08/10 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMA! Pro VPN
[2010/08/06 01:24:35 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\StarCraft II
[2010/08/04 20:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/08/04 20:13:49 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/08/04 20:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/08/04 20:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/04 20:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/04 20:13:42 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Real
[2010/07/28 22:39:34 | 000,000,000 | ---D | C] -- C:\Users\Nate\Documents\Snapshots
[2010/07/27 00:29:13 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SmartDraw

========== Files - Modified Within 90 Days ==========

[2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 21:40:13 | 000,752,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/21 21:40:13 | 000,641,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/21 21:40:13 | 000,114,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/21 21:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/21 21:33:55 | 534,880,255 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 21:03:13 | 002,565,432 | ---- | M] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
[2010/10/21 20:06:44 | 000,002,484 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/10/21 19:47:48 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/21 19:46:37 | 000,080,384 | ---- | M] () -- C:\Users\Nate\Desktop\MBRCheck.exe
[2010/10/21 19:17:17 | 066,656,011 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/20 20:30:03 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:08:11 | 000,544,768 | ---- | M] () -- C:\Users\Nate\Desktop\dds.scr
[2010/10/20 19:57:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
[2010/10/20 19:50:31 | 000,625,352 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/10/20 00:41:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/10/17 22:28:33 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/13 09:18:32 | 000,004,046 | ---- | M] () -- C:\Windows\mozy.blk
[2010/10/13 09:18:32 | 000,000,862 | ---- | M] () -- C:\Windows\mozy.flt
[2010/10/13 03:17:52 | 002,215,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 00:37:32 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/09/29 20:17:25 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/09/29 20:17:25 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/09/18 12:44:44 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/10 23:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/10 23:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/10 23:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/09/05 01:34:18 | 000,000,885 | ---- | M] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
[2010/09/04 16:51:01 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/29 02:19:21 | 004,145,013 | ---- | M] () -- C:\Users\Nate\Documents\27092.gif
[2010/08/28 20:26:23 | 000,001,663 | ---- | M] () -- C:\Users\Nate\Desktop\Video Converter.lnk
[2010/08/26 22:42:10 | 000,003,584 | ---- | M] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 22:29:29 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/26 22:22:07 | 000,000,034 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
[2010/08/26 22:22:06 | 396,354,971 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov
[2010/08/26 20:54:00 | 000,000,038 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
[2010/08/26 20:53:59 | 288,625,185 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov
[2010/08/25 17:43:23 | 000,038,153 | ---- | M] () -- C:\Users\Nate\Documents\atomicbomb.gif
[2010/08/25 17:37:15 | 000,063,581 | ---- | M] () -- C:\Users\Nate\Documents\limo.gif
[2010/08/25 17:37:04 | 000,071,839 | ---- | M] () -- C:\Users\Nate\Documents\item.gif
[2010/08/20 15:23:10 | 000,338,336 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/08/17 22:31:30 | 021,737,903 | ---- | M] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
[2010/08/17 22:16:07 | 055,560,507 | ---- | M] () -- C:\Users\Nate\Documents\BFighter7.mov
[2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/12 00:05:30 | 002,877,440 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
[2010/08/10 00:24:20 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/06 01:37:48 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/04 20:13:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/29 01:23:45 | 019,473,201 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
[2010/07/24 20:03:37 | 000,129,947 | ---- | M] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
[2010/07/24 14:48:36 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/07/24 14:48:36 | 000,000,814 | ---- | M] () -- C:\Users\Nate\Desktop\TeraCopy.lnk

========== Files Created - No Company Name ==========

[2010/10/21 21:03:11 | 002,565,432 | ---- | C] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
[2010/10/21 20:06:44 | 000,002,484 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/10/21 19:46:39 | 000,080,384 | ---- | C] () -- C:\Users\Nate\Desktop\MBRCheck.exe
[2010/10/20 20:36:14 | 000,002,283 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk
[2010/10/20 20:36:14 | 000,000,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/10/20 20:30:03 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:08:22 | 000,544,768 | ---- | C] () -- C:\Users\Nate\Desktop\dds.scr
[2010/10/19 22:52:00 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 00:37:31 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/09/25 10:16:20 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 12:44:44 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/05 01:34:18 | 000,000,885 | ---- | C] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
[2010/08/29 02:19:20 | 004,145,013 | ---- | C] () -- C:\Users\Nate\Documents\27092.gif
[2010/08/28 20:26:23 | 000,001,663 | ---- | C] () -- C:\Users\Nate\Desktop\Video Converter.lnk
[2010/08/26 22:29:29 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/26 22:22:07 | 000,000,034 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
[2010/08/26 22:09:45 | 396,354,971 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov
[2010/08/26 20:54:00 | 000,000,038 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
[2010/08/26 20:53:54 | 288,625,185 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov
[2010/08/26 02:56:50 | 000,003,584 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 17:43:23 | 000,038,153 | ---- | C] () -- C:\Users\Nate\Documents\atomicbomb.gif
[2010/08/25 17:37:15 | 000,063,581 | ---- | C] () -- C:\Users\Nate\Documents\limo.gif
[2010/08/25 17:37:03 | 000,071,839 | ---- | C] () -- C:\Users\Nate\Documents\item.gif
[2010/08/17 22:30:24 | 021,737,903 | ---- | C] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
[2010/08/17 22:15:14 | 055,560,507 | ---- | C] () -- C:\Users\Nate\Documents\BFighter7.mov
[2010/08/12 00:05:04 | 002,877,440 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
[2010/08/10 00:24:20 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/06 01:24:35 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/29 01:23:08 | 019,473,201 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
[2010/07/24 20:03:37 | 000,129,947 | ---- | C] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
[2010/04/30 17:15:50 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

 

[tovette]

OTL.txt part 2
---
========== Files - Modified Within 90 Days ==========

[2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 21:41:38 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 21:40:13 | 000,752,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/21 21:40:13 | 000,641,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/21 21:40:13 | 000,114,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/21 21:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/21 21:33:55 | 534,880,255 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 21:03:13 | 002,565,432 | ---- | M] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
[2010/10/21 20:06:44 | 000,002,484 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/10/21 19:47:48 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/21 19:46:37 | 000,080,384 | ---- | M] () -- C:\Users\Nate\Desktop\MBRCheck.exe
[2010/10/21 19:17:17 | 066,656,011 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/20 20:30:03 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:08:11 | 000,544,768 | ---- | M] () -- C:\Users\Nate\Desktop\dds.scr
[2010/10/20 19:57:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
[2010/10/20 19:50:31 | 000,625,352 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/10/20 00:41:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/10/17 22:28:33 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/13 09:18:32 | 000,004,046 | ---- | M] () -- C:\Windows\mozy.blk
[2010/10/13 09:18:32 | 000,000,862 | ---- | M] () -- C:\Windows\mozy.flt
[2010/10/13 03:17:52 | 002,215,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 00:37:32 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/09/29 20:17:25 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/09/29 20:17:25 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/09/18 12:44:44 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/10 23:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/10 23:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/10 23:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/09/05 01:34:18 | 000,000,885 | ---- | M] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
[2010/09/04 16:51:01 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/29 02:19:21 | 004,145,013 | ---- | M] () -- C:\Users\Nate\Documents\27092.gif
[2010/08/28 20:26:23 | 000,001,663 | ---- | M] () -- C:\Users\Nate\Desktop\Video Converter.lnk
[2010/08/26 22:42:10 | 000,003,584 | ---- | M] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 22:29:29 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/26 22:22:07 | 000,000,034 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
[2010/08/26 22:22:06 | 396,354,971 | ---- | M] () -- C:\Users\Nate\Documents\tut_test.mov
[2010/08/26 20:54:00 | 000,000,038 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
[2010/08/26 20:53:59 | 288,625,185 | ---- | M] () -- C:\Users\Nate\Documents\tutorial_test.mov
[2010/08/25 17:43:23 | 000,038,153 | ---- | M] () -- C:\Users\Nate\Documents\atomicbomb.gif
[2010/08/25 17:37:15 | 000,063,581 | ---- | M] () -- C:\Users\Nate\Documents\limo.gif
[2010/08/25 17:37:04 | 000,071,839 | ---- | M] () -- C:\Users\Nate\Documents\item.gif
[2010/08/20 15:23:10 | 000,338,336 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/08/17 22:31:30 | 021,737,903 | ---- | M] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
[2010/08/17 22:16:07 | 055,560,507 | ---- | M] () -- C:\Users\Nate\Documents\BFighter7.mov
[2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/13 09:57:32 | 000,001,858 | ---- | M] () -- C:\Users\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/12 00:05:30 | 002,877,440 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
[2010/08/10 00:24:20 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/06 01:37:48 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/04 20:13:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/29 01:23:45 | 019,473,201 | ---- | M] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
[2010/07/24 20:03:37 | 000,129,947 | ---- | M] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
[2010/07/24 14:48:36 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/07/24 14:48:36 | 000,000,814 | ---- | M] () -- C:\Users\Nate\Desktop\TeraCopy.lnk

========== Files Created - No Company Name ==========

[2010/10/21 21:03:11 | 002,565,432 | ---- | C] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
[2010/10/21 20:06:44 | 000,002,484 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/10/21 19:46:39 | 000,080,384 | ---- | C] () -- C:\Users\Nate\Desktop\MBRCheck.exe
[2010/10/20 20:36:14 | 000,002,283 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk
[2010/10/20 20:36:14 | 000,000,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/10/20 20:30:03 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:08:22 | 000,544,768 | ---- | C] () -- C:\Users\Nate\Desktop\dds.scr
[2010/10/19 22:52:00 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 00:37:31 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/09/25 10:16:20 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 12:44:44 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/05 01:34:18 | 000,000,885 | ---- | C] () -- C:\Users\Nate\Desktop\Star Trek Online.lnk
[2010/08/29 02:19:20 | 004,145,013 | ---- | C] () -- C:\Users\Nate\Documents\27092.gif
[2010/08/28 20:26:23 | 000,001,663 | ---- | C] () -- C:\Users\Nate\Desktop\Video Converter.lnk
[2010/08/26 22:29:29 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/26 22:22:07 | 000,000,034 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov.sfl
[2010/08/26 22:09:45 | 396,354,971 | ---- | C] () -- C:\Users\Nate\Documents\tut_test.mov
[2010/08/26 20:54:00 | 000,000,038 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov.sfl
[2010/08/26 20:53:54 | 288,625,185 | ---- | C] () -- C:\Users\Nate\Documents\tutorial_test.mov
[2010/08/26 02:56:50 | 000,003,584 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 17:43:23 | 000,038,153 | ---- | C] () -- C:\Users\Nate\Documents\atomicbomb.gif
[2010/08/25 17:37:15 | 000,063,581 | ---- | C] () -- C:\Users\Nate\Documents\limo.gif
[2010/08/25 17:37:03 | 000,071,839 | ---- | C] () -- C:\Users\Nate\Documents\item.gif
[2010/08/17 22:30:24 | 021,737,903 | ---- | C] () -- C:\Users\Nate\Documents\VulcanCollapse.mov
[2010/08/17 22:15:14 | 055,560,507 | ---- | C] () -- C:\Users\Nate\Documents\BFighter7.mov
[2010/08/12 00:05:04 | 002,877,440 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.2-win32.exe
[2010/08/10 00:24:20 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/06 01:24:35 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/29 01:23:08 | 019,473,201 | ---- | C] () -- C:\Users\Nate\Documents\vlc-1.1.1-win32.exe
[2010/07/24 20:03:37 | 000,129,947 | ---- | C] () -- C:\Users\Nate\Documents\R9_Julmaar_WIP02.jpg
[2010/04/30 17:15:50 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/26 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AnvSoft
[2010/05/10 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AVG9
[2010/09/19 03:02:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Azureus
[2010/08/28 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
[2010/05/15 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Facebook
[2010/04/30 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\FontCreator
[2010/07/17 15:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\HandBrake
[2010/07/14 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\OpenOffice.org
[2010/04/30 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Publish Providers
[2010/05/02 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\runic games
[2010/07/27 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SmartDraw
[2010/08/26 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Sony
[2010/05/28 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Stardock
[2010/06/04 01:59:24 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\TeraCopy
[2009/07/13 22:08:49 | 000,021,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/04/30 06:19:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/21 21:33:55 | 534,880,255 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 21:34:06 | 2144,833,535 | -HS- | M] () -- C:\pagefile.sys
[2010/06/26 01:00:50 | 000,000,405 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/30 14:57:37 | 000,000,221 | -HS- | M] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/04/12 20:59:36 | 000,627,200 | ---- | M] () -- C:\Users\Nate\Desktop\keyfinder.exe
[2010/10/21 19:46:37 | 000,080,384 | ---- | M] () -- C:\Users\Nate\Desktop\MBRCheck.exe
[2010/10/21 21:03:13 | 002,565,432 | ---- | M] () -- C:\Users\Nate\Desktop\NTBR_CD.exe
[2010/10/20 19:57:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 03:03:19 | 000,000,402 | -HS- | M] () -- C:\Users\Nate\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 480 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

 

[tovette]

Here is the Extras.txt log
----
OTL Extras logfile created on: 10/21/2010 10:29:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.63
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8A75512-2A33-443B-B64B-622320B86C58}" = SmartFTP Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeraCopy_is1" = TeraCopy 2.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"AhaView" = AhaView
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AVG9Uninstall" = AVG 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"EVE" = EVE Online (remove only)
"FontCreator55_is1" = FontCreator 5.6
"Handbrake" = Handbrake 0.9.4
"HMA! Pro VPN" = HMA! Pro VPN 2.4.1
"Impulse" = Impulse
"JDownloader" = JDownloader
"Karen's Replicator" = Karen's Replicator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Pen Tablet
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"Sins of a Solar Empire" = Sins of a Solar Empire
"SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"Steam App 12840" = DiRT 2
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17330" = Crysis Warhead
"Steam App 21690" = Resident Evil 5
"Steam App 41500" = Torchlight
"Steam App 550" = Left 4 Dead 2
"Steam App 55000" = Flotilla
"Steam App 630" = Alien Swarm
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"Vector Magic" = Vector Magic
"VLC media player" = VLC media player 0.9.9
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 12:40:27 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xb9c Faulting application start time: 0x01cb71a336a107d0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 7d5bbfd0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:40:45 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x1a54 Faulting application start time: 0x01cb71a341c470c0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 8876c450-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:07 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x16cc Faulting application start time: 0x01cb71a34ee5f3a0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 95a08490-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:29 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xde0 Faulting application start time: 0x01cb71a35bac5e30 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: a263e1e0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:50 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4c8 Faulting application start time: 0x01cb71a368692bd0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: af2b5de0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:12 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xac8 Faulting application start time: 0x01cb71a375327c90 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: bbf2b2d0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:33 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4a4 Faulting application start time: 0x01cb71a381f8c010 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: c8afce90-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:55 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4a8 Faulting application start time: 0x01cb71a38eb8c200 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: d57834f0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:43:16 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x19c0 Faulting application start time: 0x01cb71a39b817680 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: e239bd80-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:43:37 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xa88 Faulting application start time: 0x01cb71a3a8408e10 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: ef02e730-dd96-11df-9879-001ec94ec4ca

[ System Events ]
Error - 10/20/2010 1:33:52 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 10/20/2010 3:31:06 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 3:31:07 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 3:47:34 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 4:59:43 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 5:34:44 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 10:43:51 PM | Computer Name = Nate-PC | Source = HTTP | ID = 15011
Description =

Error - 10/20/2010 10:58:36 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7034
Description = The AVG9IDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.
< End of report >

 

[tovette]

Sorry about all the OTL posts... I was having posting issues lastnight- computer wasn't cooperating well- desktop kept crashing :\

 

[Broni]

No problem

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O20 - AppInit_DLLs: (avgrssta.dll) - File not found
  O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  [2010/09/01 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\aychjqgws
  [2010/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111
  @Alternate Data Stream - 480 bytes -> C:\ProgramData\TEMP:05EE1EEF
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[tovette]

Here is the latest logs.
OTL.txt
------------
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:avgrssta.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\Nate\AppData\Local\aychjqgws\ not found.
Folder C:\Users\Nate\AppData\Roaming\BCC01313A67C1778B376CD24543B0111\ not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nate
->Temp folder emptied: 428767 bytes
->Temporary Internet Files folder emptied: 292268 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7114788 bytes
->Flash cache emptied: 923 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Nate
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10232010_041523

Files\Folders moved on Reboot...
C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
---------
Extras.txt
OTL Extras logfile created on: 10/21/2010 10:29:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Nate\Documents\Saves
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.12 Gb Total Space | 432.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 475.72 Gb Free Space | 51.07% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 139.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive F: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.63
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8A75512-2A33-443B-B64B-622320B86C58}" = SmartFTP Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeraCopy_is1" = TeraCopy 2.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"AhaView" = AhaView
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AVG9Uninstall" = AVG 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"EVE" = EVE Online (remove only)
"FontCreator55_is1" = FontCreator 5.6
"Handbrake" = Handbrake 0.9.4
"HMA! Pro VPN" = HMA! Pro VPN 2.4.1
"Impulse" = Impulse
"JDownloader" = JDownloader
"Karen's Replicator" = Karen's Replicator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Pen Tablet
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"Sins of a Solar Empire" = Sins of a Solar Empire
"SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"Steam App 12840" = DiRT 2
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17330" = Crysis Warhead
"Steam App 21690" = Resident Evil 5
"Steam App 41500" = Torchlight
"Steam App 550" = Left 4 Dead 2
"Steam App 55000" = Flotilla
"Steam App 630" = Alien Swarm
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"Vector Magic" = Vector Magic
"VLC media player" = VLC media player 0.9.9
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 12:40:27 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xb9c Faulting application start time: 0x01cb71a336a107d0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 7d5bbfd0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:40:45 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x1a54 Faulting application start time: 0x01cb71a341c470c0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 8876c450-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:07 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x16cc Faulting application start time: 0x01cb71a34ee5f3a0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 95a08490-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:29 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xde0 Faulting application start time: 0x01cb71a35bac5e30 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: a263e1e0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:41:50 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4c8 Faulting application start time: 0x01cb71a368692bd0 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: af2b5de0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:12 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xac8 Faulting application start time: 0x01cb71a375327c90 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: bbf2b2d0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:33 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4a4 Faulting application start time: 0x01cb71a381f8c010 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: c8afce90-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:42:55 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x4a8 Faulting application start time: 0x01cb71a38eb8c200 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: d57834f0-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:43:16 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x19c0 Faulting application start time: 0x01cb71a39b817680 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: e239bd80-dd96-11df-9879-001ec94ec4ca

Error - 10/22/2010 12:43:37 AM | Computer Name = Nate-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xa88 Faulting application start time: 0x01cb71a3a8408e10 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: ef02e730-dd96-11df-9879-001ec94ec4ca

[ System Events ]
Error - 10/20/2010 1:33:52 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 10/20/2010 3:31:06 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 3:31:07 AM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 3:47:34 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 4:59:43 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 5:34:44 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 10/20/2010 10:43:51 PM | Computer Name = Nate-PC | Source = HTTP | ID = 15011
Description =

Error - 10/20/2010 10:58:36 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7034
Description = The AVG9IDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 10/20/2010 11:38:31 PM | Computer Name = Nate-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.


< End of report >

 

[tovette]

Here's the checkup.txt
-----
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 9.0
Adobe After Effects CS3 Presets
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[Broni]

Looks good
Go on.

 

[tovette]

Uhh my explorer.exe is still crashing on me....

 

[Broni]

We'll get back to it, when we're done with cleaning process.
Eset scan please.

 

[tovette]

Eset scan...

C:\Users\Nate\DoctorWeb\Quarantine\iSetup.exe probably a variant of Win32/Genetik trojan
C:\Users\Nate\DoctorWeb\Quarantine\iSetup_0.exe probably a variant of Win32/Genetik trojan
C:\Windows\System32\hlp.dat Win32/Bamital.DZ trojan
C:\Windows\SysWOW64\hlp.dat Win32/Bamital.DZ trojan

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\Windows\System32\hlp.dat 
  C:\Windows\SysWOW64\hlp.dat
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

 

[tovette]

I ran OTL and upon start up the exeplorer.exe immediately crashed only this time it took the mouse and the wallpaper with it. I have no means of accessing anything now. Also the boot sequence took way longer than anticipated and my external drive is no longer being read.

I'm wondering if I should reinstall the OS. At this point I don't really care about reinstalling my apps and my data is backed up on other drives.